Comparing the CCPA and GDPR
The CCPA is similar to the European Union’s General Data Protection Regulation (GDPR), which came into effect in May 2018, in that both give consumers rights over their data and define responsibilities. However, the GDPR imposes additional obligations, such as the requirement to ensure that personal data is protected as it crosses borders, and the requirement that businesses follow certain rules regarding notice to individuals and regulators when a data breach occurs. You can find more information about what Shopify did to prepare for the GDPR in Shopify’s GDPR whitepaper.
Much of the work to prepare for the GDPR applies to the CCPA, but complying with the GDPR doesn't mean that you comply with the CCPA. The GDPR applies to European residents, but the CCPA applies to California residents. The GDPR applies to personal data of data subjects, but the CCPA applies to personal information of consumers and households. The GDPR places requirements on transferring data across borders, but the CCPA places restrictions on the sale of data. Additionally, the GDPR and CCPA have different breach notification requirements and penalties for non-compliance.
For more information, download Shopify's CCPA whitepaper (in English).