CCPA vs GDPR & How To Make Your Website Compliant?

by Bishnu Mahali

Last Modified: July 22, 2020

By Bishnu Mahali

Last Modified: July 22, 2020

CCPA vs GDPR! Let's dig in.

The alarming rate of website hacks has made people excessively concerned about data privacy and website safety.

This, in turn, made it essential for a website to ensure it to the users that their data will be safely handled.


On the other hand, the privacy laws of various countries have made it mandatory for all the websites to publish a privacy policy and comply with the legal frameworks that serve as a guideline for the privacy regulations in their area of operation.

CCPA and GDPR are the two most popular privacy regulations of the world. But CCPA vs GDPR differences is still not clear to most of the people.

In this article, we will tell how to make your website compliant with CCPA or GDPR or any other privacy policy along with a detailed CCPA vs GDPR comparison.

NOTE: This article is not written by any lawyer. The article is solely based on self learning using the resources available on the internet.

GDPR - General Data Protection Regulation

What is GDPR?

GDPR or General Data Protection Regulation is a European legal framework. It was implemented in May 2018. It sets guidelines for the collection, processing, and storage of the personal data of EU citizens.

GDPR defines personal data in the following way - “Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

But it applies to the personal data processed in one of the two ways:

  • Processed wholly or partially by automated means
  • Not processed by automated means but the data forms the part of a filing system or a written record of a manually filling system 

GDPR sets 7 principles for processing of personal data:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability 

Here is a list of major rights under GDPR:

  • Right to be informed
  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision making 

What is CCPA?

California Consumer Protection Act or CCPA is Californian privacy law. It came into effect from 1st January 2020. The goal of the law is to protect the personal data of California citizens.

As per CCPA, the definition of personal data includes:

  • Name
  • Date of birth
  • Home address
  • IP address
  • Email address
  • Social security number or Passport
  • Biometric data
  • Geometric data
  • financial information like details of credit or debit card 

Here is a list of major rights that CCPA provides:

  • Right to access
  • Right to knowledge
  • Right to consent
  • Right to equality
  • Right to be forgotten

CCPA vs GDPR - The Differences Between CCPA & GDPR

CCPA and GDPR are very similar as both of them guarantee data security. but there are some areas where they differ from each other. Here are the key differences between CCPA and GDPR:

  • GDPR focuses on all the EU citizens whereas CCPA considers consumers and household both as identifiable entities
  • GDPR applies to all the organizations that deal with the personal data of EU citizens but CCPA applies to only the for-profit organizations with annual revenue of more than $25 million USD or whose primary business involves the selling of personal data of California citizens
  • GDPR mandates a penalty for non-compliance or data breach which can reach up to 4% of the company’s annual turnover whereas CCPA fines are applied per violation up to a maximum of $7500 USD

Who Needs To Comply With CCPA & GDPR?

Any organization which deals with the personal data of EU citizens must comply with the GDPR, even if they do not have a business presence within the EU. The major criteria for an organization that requires to comply are:

  • Business presence in an EU country
  • No physical presence in the EU, but the organization uses personal information of European residents
  • Strength of more than 250 employees
  • Less than 250 employees but the data-processing of the company affects the rights and freedom of data subjects or includes certain types of sensitive personal data

CCPA is slightly narrower compared to GDPR. Any for-profit organization that deals with the personal information of the citizens of California for business purposes needs to be compliant with CCPA only if:

  • It has a gross annual revenue that exceeds $25 million
  • It has the data of at least 50,000 California citizens or households or devices in its possession
  • Earns more than 50% outfits annual gross revenue from selling the personal data of the citizens.

How To Comply With CCPA And GDPR?

There are certain things that you require on your site to make it compliant with various privacy policies.

Publishing privacy policy pages and features to take users’ consent before collecting and processing their personal data are to name a few.

There are two ways to add these things to your website. You can either create a privacy policy and publish it on your site or embed a consent checkbox to your site manually or go for a plugin.

The second option is much easier. Here we will give you a list of the most widely used WordPress privacy policy generator plugins of the year.

Top 5 WordPress Plugins To Help You Comply With CCPA & GDPR

Now let's talk about the WordPress plugins that will help you out to comply with both GDPR and CCPA at once.

WP Legal Pages Pro Plugin Privacy Policy Generator For WordPress

WP Legal Pages Pro is an elegant WordPress plugin designed especially to create attorney level legal documents on your site.

It is a popular privacy policy generator. Within a few minutes, you can make your site compliant with CCPA or GDPR using this plugin.

It has hundreds of shortcodes to display legal documents on your site. It is easy to use and well documented.

It works well with all the modern WordPress themes. It is available in both free and premium versions.

The plugin offers you 25+ ready to use templates made for different purposes. You just have to import the templates to your dashboard and enter your details to create your privacy policy page.

You can even edit the default fields. All the templates are designed after having a consultation with experienced lawyers.


  • GDPR privacy and cookie policy
  • CCPA compliance
  • Website terms and conditions
  • External linking policy
  • Anti-spam policy
WP Cookie Consent Plugin Screenshot

WP Cookie Consent is a simple yet modern WordPress plugin that makes your website compliant with GDPR and CCPA automatically.

It is designed to take users’ consent before sending any cookies. It allows you to comply with EU GDPR’s cookie consent and CCPA’s “Do not sell” opt-out regulations.

It helps you to get visitors’ consent by adding a customizable cookie consent bar on your site.

You may display a customizable notice with a “Do not sell my personal information” link to your site. The plugin will give your users the option to revoke their consent anytime.

WP cookie consent offers you lots of easy to use features like advanced cookie detectors, auto cookie categorization, auto block common third-party scripts, etc.

There are features or hide or display cookie notices based on geolocation. You may edit cookie information manually.

The plugin is translation ready. It is beginner-friendly and has exclusive documentation. There are free lifetime updates.


  • Granular cookie consent
  • One-click cookie scanner
  • Customizable cookie notices
  • Geo-location targeting
  • Consent log
MonsterInsights Google Analytics Plugin

MonsterInsights is a popular WordPress Google Analytics plugin. It makes the analytics of your site compliant with GDPR, CCPA, or other privacy policy automatically.

With this plugin, you can track scrolls, file downloads, outbound links, and many more things. There are features to generate individual post and page reports.

You will get an email notification every week containing an analytics summary of the previous week or the most valuable metrics that were delivered to your account.

Monster Insight provides you with advanced targeting options. The behavioral tracking and audience demographic tracking options give you a detailed insight into the tar groups’ preferences, shopping habits, and values.

It works well with all the modern WordPress plugins. Integrating it with a WordPress form plugin, you can create a GDPR or CCPA compliant form with a consent checkbox and use it as an easy option to take visitors’ consent.


  • GDPR compliant
  • Universal tracking
  • Google Analytics dashboard
  • Real-Time statistics
  • SEO score tracking
  • Use ID tracking
  • Author Tracking

Here's an overview and installation video that I made on YouTube:

Wanna learn more about MonsterInsights? Read this here.

WP Forms Logo

WPForms is an advanced WordPress form builder. It allows you to halt all cookies and geolocation tracking with just a single click.

You can build GDPR or CCPA compliant forms with consent checkboxes within minutes.

There are options to stop collection and storing IP addresses and other user information related to form entries.

You can embed your forms to blogs, pages, sidebar widgets, and footer area.

WPForms allows you to create numerous types of forms like contact form, payment form, survey form, registration form, etc.

You can view all the leads in a single place which lets you streamline your workflow easily.

Users can upload files and media with the form submission. There are features for instant notification.

Wanna learn more about WPForms? Read complete WPForms review here.


  • Drag & drop form builder
  • Multi Page forms
  • Pre-built form templates
  • Use registration
  • Spam protection
  • Geolocation data
Delete Me Plugin WordPress

Delete Me is a simple WordPress plugin. It gives your users the choice of whether or not to stay registered with your site.

It provides them with the option to register with your site and to delete their account whenever they want.

This option improves your relationship with your users as they know that anytime they can change their minds and move away if they are not happy with your services.

Delete me empowers the users with the “right to be forgotten” which means that they can request for deletion of their information which is in possession of your website.

It is an easy way of sharing responsibility or handling data safely for small and mid-sized businesses.

You get immediate email notification when a user deletes his or her account. It is a free plugin.


  • Give your users the option delete their account anytime
  • Take permission from users to erase their data
  • Limit the option of account deletion to specific users
  • Add account deletion options anywhere on your site
  • Lots of shortcodes to add account deletion options to your site


Now since you know the differences of CCPA and GDPR, you may easily find out what privacy laws to follow. What to include in your privacy policy will largely depend on your area of operation.

If you are dealing with EU citizens, you will need to follow GDPR. Similarly, if you use personal data of California citizens, you will be required to comply with CCPA.

No matter whether you have a physical presence in the countries. All the plugins listed above will help you comply with both the legal frameworks easily.

So, just log in to your WordPress account and move ahead to create your own policy page.

If you liked the article, please share it on Facebook and Twitter. Leave your feedback on the comment section. If you have any questions, please let us know.

About the author

Bishnu Mahali

Hi, I'm Bishnu Mahali from Siliguri, India. Apart from Blogging, I am a Digital Marketer and Creator. I also produce YouTube videos and 2 podcasts as well. Do follow me on Instagram @itsBishnuMahali to learn more about me and the Business Stuff.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Never miss an update! Keep yourself up-to-date with the knowledge about blogging.

No Spam Guranteed.