Fines for not complying to above laws can be costly, depending on the degree of violation.
For GDPR fine range from €10 to €20 million, or 2% to 4% of the corporation’s worldwide annual revenue.
CCPA fines range from $2,500 for unintentional to $7,500 for intentional violation, per violation. One “violation” occurs per consumer.

CCPA protects California residents regardless where they are at the moment.

GDPR protects EU citizens, and applies to businesses around the world reaching EU.

General Data Protection Regulation (GDPR) applies to all businesses large and small, with few exceptions.
Companies with fewer than 250 employees must keep records of personal data
processing activities if it is a regular activity or contains sensitive data.

The main CCPA requirements for businesses are:

• Disclose collection.
• Provide the right of deletion.
• Give consumers the opportunity to exercise their rights.
• Have a CCPA-compliant privacy policy.
• Comply with consumer requests.
• Respect consumers’ rights under CCPA.

California Privacy Rights Act (CPRA) covers any business matching at least one of three conditions:

• Have $25 million or more in annual revenue
• Possess the personal data of more than 50,000 “consumers, households, or devices”, or
• Earn more than half of its annual revenue selling consumers' personal data.