As noted by Anju Khurana, Head of Privacy of the Americas, Bank of New York Mellon, “There are now over 100+ privacy laws in the world and GDPR is driving other countries to adopt similar regulations.” (corpcounsel.com, Oct. 2019). The California Consumer Protection Act (“CCPA”) which comes into effect on January 1, 2020, is the latest, and very likely not the last. Most data privacy experts anticipate additional states enacting data privacy regulations and think it likely that Congress will eventually do so at the federal level.
While modeled on the General Data Protection Regulation (“GDPR”), which came into effect in May 2018, there are differences, both small and substantial. A comparison of many of the key requirements from Thomson Reuter, Practical Law can be found here.