Unsurprisingly, only 14% of companies are compliant with CCPA
With less than 10 months before the California Consumer Privacy Act (CCPA) goes into effect, only 14% of companies are compliant with CCPA and 44% have not yet started the implementation process.
Of companies that have worked on GDPR compliance, 21% are compliant with CCPA, compared to only 6% for companies that did not work on GDPR, according to the TrustArc survey conducted by Dimensional Research.
“At TrustArc, we’ve seen a significant increase in the number of customers coming to us for support to comply with CCPA,” said Chris Babel, CEO of TrustArc. “Companies that took the steps to comply with GDPR are already ahead of the game and will have an easier path to meet the requirements of CCPA. The companies that did not work on GDPR compliance will be under the gun to implement scalable compliance processes by the January 1, 2020 deadline.”
The CCPA is set to be the toughest privacy law in the United States, broadly expanding the rights of consumers, and requiring businesses within scope to be significantly more transparent about how they collect, use, and disclose personal information.
The CCPA compliance deadline is January 1, 2020 and will impact tens of thousands of businesses worldwide that have customers or employees located in California.
Investments to comply run high
- 71% of companies expect to spend more than six figures to comply with CCPA
- 1 in 5 expect to spend more than $1 million to achieve CCPA compliance
- For companies that were not impacted by GDPR, 79% will spend more than six figures to comply with CCPA, compared to 61% who have worked on GDPR compliance
Companies need help to understand and plan for CCPA
- 88% require external help to understand CCPA requirements
- 72% plan to invest in technology to prepare for CCPA, while 61% plan to spend on consulting expertise
- 64% of companies need help developing their CCPA privacy plan
Motivations for complying with CCPA vary
- 62% of respondents list that the top motivation to comply is to meet partner and/or customer requirements
- 45% list internal reporting requirements and 41% supporting company values
- 35% list the risk of fines or class action lawsuits as the top driver, and 18% the risk of negative media coverage