What is the difference between GDPR and CCPA?

Here are the main differences between CCPA and GDPR:

.tg {border-collapse:collapse;border-color:#ccc;border-spacing:0;} .tg td{background-color:#fff;border-color:#ccc;border-style:solid;border-width:1px;color:#333; font-family:Arial, sans-serif;font-size:14px;overflow:hidden;padding:10px 5px;word-break:normal;} .tg th{background-color:#f0f0f0;border-color:#ccc;border-style:solid;border-width:1px;color:#333; font-family:Arial, sans-serif;font-size:14px;font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;} .tg .tg-buh4{background-color:#f9f9f9;text-align:left;vertical-align:top} .tg .tg-0vih{background-color:#f9f9f9;font-weight:bold;text-align:center;vertical-align:top} .tg .tg-amwm{font-weight:bold;text-align:center;vertical-align:top} .tg .tg-0lax{text-align:left;vertical-align:top}
Type Statutory and regulatory Regulatory
Scope Applies to for-profit businesses that hold personal information of California residents Applies to businesses that hold personal data of EU/EEA residents
Personal data Information that relates to an individual, household or device. Excludes publicly available personal information recorded by federal, state, or local government. Data that relates to a living individual and is used for commercial purposes. Excludes publicly available information.
User rights – Right to know about and access personal information
– Right to delete personal information
– Right to opt-out of the sale of personal information
– Right to non-discrimination for exercising the CCPA rights
– Right to access personal data
– Right to correct personal data in case of inaccuracy
– Right to delete personal data
– Right to restrict personal data processing
– Right to port data to another controller
– Right to object to personal data processing
– Right to object automated data processing for decision making and profiling
Opt-in necessary for data collection No (unless the consumer is under 16 years old) Yes
Right to opt-out Yes Yes
Age of consent 16. Parental consent is mandatory for consumers below 13 years. 16 (Member State laws can lower it to 13). Parental consent is mandatory for those who are below 16.
Cookie usage Opt-in consent not necessary but opt-out is mandatory for cookies that sell personal information. Opt-in consent is necessary to use cookies that track personal data. Opt-out should also be available for users.
Fine Up to $2,500 for each violation and $7,500 for each intentional violation. – Up to €10 million or 2% of annual global turnover, whichever is highest, for less severe violations.
– Up to €20 million or 4% of annual global turnover, whichever is highest, for severe violations.
Enforcer California Attorney General EDPB, EU Commission, and Member State data protection authorities.