Data Protection Online Training - available 24/7

Data protection privacy concept. GDPR. EU. Cyber security networ

Not familiar with e-Learning?

Products	SKU	Attributes	Content	Price	Action
GDPR Course for Implementers and DPOs - start today	Course 729 - 12 hours	+ ISO 21001 Accredited :: Available on-demand 24/7	View Course	$359	Add to cart
EU GDPR Foundation Course - start today	Course 728 - 6 hours	+ ISO 21001 Accredited :: Available on-demand 24/7	View Course	$179	Add to cart

EU GDPR vs UK GDPR vs CPPA vs CPRA – it can be confusing

The rights for the protection of personal data vary significantly from one jurisdiction to another

We are often asked about these similar but different regulations and statutes regarding Personal Data Protection. So, we decided to put this short introduction together and tell you where to go for further authoritative information.

What we’re talking about are the four most frequently referenced pieces of Personal Data Protection legislation which, while similar, differ significantly in their detail, have changed recently in their content and application with further changes to come. No wonder then that people get confused. Let’s begin with a definition …

‘Personal data’ is any information about an identifiable person.

An identifiable person can be directly or indirectly identified by reference to an identification number or one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.
The ‘data subject’ is the title given to the person whose personal data are collected, held or processed.
In the EU and worldwide, the data subject’s rights regarding the processing, handling and storing of their personal data are codified in law (better in some jurisdictions than others).
And must be respected by all public and private sector organisations and individuals in possession and/or control of such data.

EU GDPR (EU and EEA)

The General Data Protection Regulation (EU GDPR) is the world’s strictest privacy and security law. It applies throughout the EU and EEA area.

Though it was drafted and passed by the European Union (EU), it imposes obligations onto organisations anywhere globally, so long as they target or collect data related to people in the EU.

The regulation was put into effect on May 25, 2018, and levies harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

With the GDPR, Europe is signalling its firm stance on data privacy and security at a time when more people are entrusting their personal data with cloud services, and breaches are a daily occurrence.

The regulation is significant, far-reaching, and relatively light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).

The six most common applications of GDPR are:

EU PARENT COMPANY: If your parent company is registered in an EU member state, GDPR compliance may be coordinated at that level. If so, you may be able to rely on parent company procedures.
PERSONAL DATA STORED LOCALLY: Local data that parent company processes may not capture will likely be held. Examples might include HR/payroll and mobile phone contacts.
LOCAL SUPPLIERS: You should formally advise local suppliers of your potential need to audit their processes for GDPR compliance, mainly where local suppliers are a vital part of the supply chain.
STAFF TRAINING: Training is required for everyone in the company, doesn’t matter the position, from the goods received clerk to the board of directors. Embedding GDPR principles in the company culture will be critical in achieving compliance. Therefore, while training is necessary, top management support is also vital.
OFF-SITE STORAGE: When evaluating the results of a data audit, you should consider the status of archive documents held off-site. It should be a consideration to document the control of such information when it is retrieved from the archive and re-introduced into the main body of company documentation.
TRADING WITH NON-EU COMPANIES: If you are trading with entities in a 3rd country that does not have an adequate data protection regime, personal data transfer may only occur via a legal transfer mechanism.

UK GDPR (United Kingdom)

The United Kingdom General Data Protection Regulation (UK-GDPR) is the UK’s data privacy law that governs the processing of personal data from individuals inside the UK.

The UK-GDPR was drafted due to the UK leaving the EU, which resulted in the EU’s GDPR not applying domestically to the UK any longer.

There are very few substantial differences between the UK-GDPR and its EU equivalent.

Essentially, the UK has lifted the entire structure of the EU GDPR and put it into UK law. However, the UK-GDPR changes critical areas of the law concerning national security, intelligence services and immigration.

As with EU GDPR, any company or organisation that processes personal data from individuals inside the UK must comply with the UK-GDPR – even if the organisation isn’t located within the UK.

In June 2021, the European Commission (EC) adopted two UK data adequacy decisions. These decisions mean data flows between the EU and the UK can continue, and no additional safeguards are required.

The UK plans to introduce new legislation regarding data protection before the end of 2023 and to abandon UK-GDPR. Likely consequences will include loss of the EU data adequacy decision benefits and further disruption of UK trade with the EU.

CPPA (California)

Personal Data Protection needs to be better developed in the USA. The most stringent relevant law is the California Consumer Privacy Act (CCPA, January 2020), a state statute intended to enhance privacy rights and consumer protection for residents of California. The law created an array of consumer privacy rights and business obligations regarding collecting and selling personal information.

The Act intends to provide California residents with the right to:

Know what personal data is being collected about them.
Know whether their personal data is sold or disclosed and to whom.
Say no to the sale of personal data.
Access their personal data.
Request a business to delete any personal information about a consumer collected from that consumer.
Not be discriminated against for exercising their privacy rights.

The difference between GDPR and CCPA is that the CCPA protects “consumers” who are natural persons and who must be California residents to be covered, whilst the GDPR protects “data subjects,” who are natural persons and do not specify residency or citizenship requirements.

Variants of CCPA have been adopted by other States of the USA, where the individual states decide on data protection matters. A Federal solution is far more beneficial to American owners and users of personal data.

CPRA (California)

The California Privacy Rights Act (CPRA), Proposition 24, is a ballot measure California voters approved on November 3, 2020. It significantly amends and expands the CCPA, sometimes called CCPA 2.0. Most of the provisions of CPRA won’t become operative until Jan. 1, 2023.

The CPRA creates two additional rights:

the right to correct inaccurate personal information; and
the right to limit the use and disclosure of sensitive personal information.

What of personal data protection elsewhere in the world?

By 2023, 65% of the world’s population will have its personal data covered under current privacy regulations, according to Gartner, the global research organisation.

As increasingly social and economic activities occur online, the importance of privacy and data protection is increasingly recognised. Of equal concern is the collection, use and sharing of personal information with third parties without notice or consent of consumers.

Many data protection law initiatives continue to be passed and adopted. 2022 will see more regions in Europe, the Middle East, the United States, and the Asia Pacific introducing or amending data privacy and protection laws.

137 out of 194 countries had put in place legislation to secure the protection of data and privacy.

Africa and Asia show different levels of adoption, with 61% and 57% of countries have adopted such legislation. The share in the least developed countries is only 48%.

For further information

Follow these links to get detailed information and advice…

… it has been an excellent source of information and increased my experience of implementing the ISO 9001 and auditing.
There were a few minor issues with course content integration with course software, however, Customer Service through the Support Ticket was quick to respond and address issues. The ability to learn and gain qualifications through an online platform such as deGRANDSON’s offer is an extremely flexible option. I would commend this learning option and the use of Safari iOS which works consistently with the learning platform. The Support Team are very efficient and quickly resolves any issues that might be encountered, many thanks.

Anon
08-May-21
This is an excellent course. The content in the 3 modules was so beneficial and helped me to grasp details that I had previously struggled with. It was evident that the content was factual and from the real world in its tips for application. The answers and direction provided in the FAQ’s was excellent and very helpful. Any query I had was answered promptly. I honestly don’t know what you could do better. Thank you for all your help and guidance.

Anon
(31-Jan-22)
Course states 24 hours, I would say it took double that time to complete. Had some technical difficulties but Ultan King in support has been very helpful in resolving all issues.

Anon
(17-Sep-21)
Have only completed the first part of the course, enjoying it immensely, so far. the content is thorough and clearly explained. I only have one small observation – that it may be better using a real person, or even person(s) to present rather than a computer generated voice which can be a little wearing over time.

David Vickers
(Private Learner)
Cost / learning is really adapted. You can progress with adapted elearning at your rythm

Benoît F.
(Private Learner)
I’m extremely pleased with my ISO 45001 Lead Auditor course from deGrandson that I started in February 2021. I work for Amazon as a Construction Manager constructing fulfilment centers in the UK, EU and worldwide. The course material is excellent, the online learning system is very easy to use and the course is very well structured. I highly recommend this course by deGrandson. Dr John FitzGerald is an expert in this subject area and it shows. You will be pleased that you also chose to study with deGrandson.

Kenny M.
1construct
These are very detailed courses and they work very well for us.

Christina C.
hg-medical
On-line study at my own pace is most suitable learning media to me. The course is timely with the latest 2019 edition of the Standard coupled with value for money package.

Gnana Sakaran Rajagopal (Principal)
GSR Consulting Services
All the way through this course I have been extremely impressed with the excellent support that has been in place for students, and this provides confidence that issues are resolved promptly with fair consideration.

Steve Fitzjohn
(Private Learner)

Select your Data Protection Course

Available 24/7 :: any time, any place, any device

Not familiar with e-Learning?

EU GDPR vs UK GDPR vs CPPA vs CPRA – it can be confusing

The rights for the protection of personal data vary significantly from one jurisdiction to another

EU GDPR (EU and EEA)

UK GDPR (United Kingdom)

CPPA (California)

CPRA (California)

What of personal data protection elsewhere in the world?

For further information

Internationally-recognized Certificates

Satisfied Customers Say:

Anon

Anon

Anon

David Vickers

Benoît F.

Kenny M.

Christina C.

Gnana Sakaran Rajagopal (Principal)

Steve Fitzjohn

Free Trial Lesson

Smart Ticket System

Secure payment

And you can spread the cost of your purchase

No hidden charges

Frequently asked questions

Test your auditor skills