
GDPR vs CCPA: What Privacy Law Actually Protects (And the Gaps That Will Surprise You)
Two laws dominate the privacy landscape for most people who think about privacy law at all: the EU's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA). Both have been in force for years. Both have been used as shorthand for "strong privacy protection." Both have significant gaps that most people — including many developers and compliance officers — don't fully understand.

This piece examines what each law actually does, what it doesn't do, and why "we're GDPR/CCPA compliant" often means less than it sounds.

GDPR: The Architecture

GDPR came into force May 2018. It applies to any organization processing personal data of EU residents, regardless of where the organization is located. A US startup with EU customers is subject to GDPR.

What GDPR requires:

Lawful basis for processing: You can't just collect and process personal data. You need a lawful basis — consent, legitimate interest, contractual necessity, legal obligation, vital interest, or public




