Right to be Informed

Data Protection Impact Assessment (DPIA) is a requirement that compels businesses to assess the risk and impact of their processing activities.While the CCPA does not require businesses to conduct a DPIA, the California Consumer Privacy Act (CPRA) under Section 1798.185(a)(15) requires businesses to perform an assessment on processing activities that may expose personal data to significant risks.

Purpose limitation or data use limitations requires that businesses ensure that they limit the use of personal information (PI) to the purposes for which it was collected.The GDPR provides more leeway when it comes to purpose limitation. <a href=https://gdpr.eu/article-5-how-to-process-personal-data/GDPR Article 5</a> indicates that “further processing” may be permitted when the new purposes are “not… considered… incompatible with the initial purposes.”