Set to go into effect on January 1, 2020, the CCPA will affect lots of companies doing business in California, but 86% have yet to meet compliance goals.
A new report on the state of California Consumer Privacy Act (CCPA) readiness should raise alarms for any tech firms that do business in California.
The report from privacy compliance company TrustArc finds that 86% of companies affected by the CCPA, which goes into effect on January 1, 2020, have yet to meet compliance goals.
With less than 10 months to go until the CCPA goes live, this report is a critical look at what businesses need to do to become compliant before penalties start being assessed.
It’s important to note that the report’s 86% figure doesn’t mean all of those businesses have yet to start working toward compliance. Only 16% have yet to start, 28% said they are working on preliminary plans, 9% have made plans but not started implementation, 19% have begun implementation, and 16% are well on their way.
The study also found that companies who had to comply with the EU’s General Data Protection Regulation (GDPR) are much farther along in their CCPA implementation. Some 21% of companies affected by both GDPR and CCPA are already compliant, as opposed to only 6% for those only affected by CCPA.
As noted by the Future of Privacy Forum, the GDPR and the CCPA have a number of similarities that make meeting compliance for the CCPA a simpler process for organizations that have already worked to meet GDPR rules.
The report makes clear the costs of implementing CCPA rules for affected organizations: 71% of them expect to spend more than $1 million to meet requirements.
As with compliance rates mentioned above, GDPR preparation has been a boon for companies affected by CCPA, with only 62% of them expected to invest $1 million or more on CCPA. Some 78% of companies concerned solely with CCPA will spend the same amount.
What companies need to do to meet CCPA compliance goals
If your organization is affected by CCPA, which covers how companies collect, store, and use user data, it’s time to get serious about meeting compliance goals. The CCPA is going to be the toughest privacy law in the US, and with California being the most populous state there’s a good possibility it affects you and your business.
The report makes clear that organizations need help to meet compliance goals, with 88% of respondents saying the need external help to understand what exactly they need to do to get in line with the CCPA.
TrustArc concludes that investing in CCPA-centric tech solutions and consulting services will be a must for those who still need to enact compliance plans. If you’re still in the exploration phase, or don’t know whether you’re affected, it’s time to start planning and looking for the budget needed to meet the January 1, 2020 deadline.