Last year on May 31st, GDPR came into effect for all companies across the world that had trade relations with the EU. The GDPR, which is the model for data privacy laws around the world, has inspired many such regulations. One of the most significant ones the CCPA in California is being modeled on the GDPR. It is currently scheduled to take effect on January 1, 2020.
However, the US industry is not ready for the Act, considering it will take effect in just a few months. In a survey by TrustArc, that issues TRUSTe certification, across IT and legal professionals at 250 companies from a range of industries found some interesting results. The survey was carried out by Dimensional Research that gauges the readiness of U.S. companies and their plans for complying with the California Consumer Privacy Act (CCPA). Figures were telling.
The survey revealed that only 14% of companies are CCPA compliant while 44% have not yet started the implementation process. “At TrustArc, we’ve seen a significant increase in the number of customers coming to us for support to comply with CCPA,” said Chris Babel, CEO of trust is. “Companies that took the steps to comply with GDPR are already ahead of the game and will have an easier path to meet the requirements of CCPA. The companies that did not work on GDPR compliance will be under the gun to implement scalable compliance processes by the January 1, 2020 deadline.”
Slated to become the toughest privacy law in the United States, working on expanding the rights of consumers, and requiring businesses to be significantly more transparent about how they collect, use, and disclose personal information, the CCPA compliance will impact tens of thousands of businesses worldwide that have customers or employees located in California.
The findings of the survey go on to say:
- 71% of companies expect to spend more than six figures to comply with CCPA
- 1 in 5 expect to spend more than $1 million to achieve CCPA compliance
- For companies that were not impacted by GDPR, 79% will spend more than six figures to comply with CCPA,
To understand and plan for CCPA:
- 88% require external help to understand CCPA requirements
- 72% plan to invest in technology to prepare for CCPA, while 61% plan to spend on consulting expertise
- 64% of companies need help developing their CCPA privacy plan
Motivations for complying with CCPA vary
- 62% of respondents list that the top motivation to comply is to meet a partner and/or customer requirements
- 45% list internal reporting requirements and 41% supporting company values
- 35% list the risk of fines or class action lawsuits as the top driver, and 18% the risk of negative media coverage A new survey has found that only 14% of companies subject to looming California Consumer Privacy Act regulation consider themselves fully compliant, yet
Interestingly, when asked about the budgeted spend on CCPA compliance, 71% of respondents said their spending would exceed $100,000; 39% said it would be more than $500,000 and 19% said it would be more than $1 million. The top areas of investment were technology and tools (72%), consultants (61%), lawyers (55%) and internal hiring (45%).
In addition, the primary motivation for “investing in CCPA compliance” was about meeting customer and partner expectations and of course, the loss of business in case of non-compliance. I
The survey broadly indicates that while most companies are aware of CCPA and are somewhere on the compliance spectrum.