US Orgs Not Ready to Comply with CCPA

US Orgs Not Ready to Comply with CCPA

Protecting consumer privacy has become a top priority for legislators as candidates launch their 2020 campaigns and try to win over voters. According to research findings revealed in the new CCPA and GDPR Compliance Report, however, US companies haven't made privacy regulations a top priority.

The online survey, conducted by TrustArc, reflects responses from 250 IT professionals who represent a wide spectrum of industries and company sizes. Of all the participating organizations, half were impacted by both General Data Protection Regulations (GDPR) and California Consumer Privacy Act (CCPA), while half were impacted only by CCPA. The report found that 88% of companies need help complying with California’s new privacy regulations.

According to the findings, only 14% of companies are currently compliant with CCPA, despite its deadline being less than 10 months away. Additionally, survey results revealed that 84% of respondents have started the CCPA compliance process, though only 56% have moved forward to the implementation stage.

Even though fewer than half (44%) have not yet started the implementation process, 64% of companies said they need help developing their CCPA privacy plan. However, compliance readiness varied depending on whether companies have already worked on GDPR compliance.

Responses from those companies that were not impacted by GDPR showed that 79% will need to spend more than six figures to comply with CCPA, while only 61% of companies that have worked on GDPR compliance will need to spend as much.

“At TrustArc, we’ve seen a significant increase in the number of customers coming to us for support to comply with CCPA,” said CEO Chris Babel. “Companies that took the steps to comply with GDPR are already ahead of the game and will have an easier path to meet the requirements of CCPA. The companies that did not work on GDPR compliance will be under the gun to implement scalable compliance processes by the January 1, 2020, deadline.”

Source: Information Security Magazine