New findings from TrustArc uncover state of CCPA readiness, investments and plans to comply before January 2020 deadline
SAN FRANCISCO (March 19, 2019) – TrustArc, the leading privacy compliance company, today announced results from a survey conducted by Dimensional Research that gauges the readiness of U.S. companies and their plans for complying with the California Consumer Privacy Act (CCPA), as compared to the General Data Protection Regulation (GDPR).
Key findings from the research highlight that with less than 10 months to the deadline, only 14 percent of companies surveyed are compliant with CCPA, and 44 percent have not yet started the implementation process. Of companies that have worked on GDPR compliance, 21 percent are compliant with CCPA, compared to only 6 percent for companies that did not work on GDPR.
“At TrustArc, we’ve seen a significant increase in the number of customers coming to us for support to comply with CCPA,” said Chris Babel, CEO of TrustArc. “Companies that took the steps to comply with GDPR are already ahead of the game and will have an easier path to meet the requirements of CCPA. The companies that did not work on GDPR compliance will be under the gun to implement scalable compliance processes by the January 1, 2020 deadline.”
The CCPA is set to be the toughest privacy law in the United States, broadly expanding the rights of consumers and requiring businesses within scope to be significantly more transparent about how they collect, use and disclose personal information. The CCPA compliance deadline is January 1, 2020 and will impact tens of thousands of businesses worldwide that have customers or employees located in California.
Additional findings from the TrustArc and Dimensional Research survey include:
Investments to comply run high
- 71 percent of companies expect to spend more than six figures to comply with CCPA
- 1 in 5 expect to spend more than $1 million to achieve CCPA compliance
- For companies that were not impacted by GDPR, 79 percent will spend more than six figures to comply with CCPA, compared to 61 percent who have worked on GDPR compliance
Companies need help to understand and plan for CCPA
- 88 percent require external help to understand CCPA requirements
- 72 percent plan to invest in technology to prepare for CCPA, while 61 percent plan to spend on consulting expertise
- 64 percent of companies need help developing their CCPA privacy plan
Motivations for complying with CCPA vary
- 62 percent of respondents list that the top motivation to comply is to meet partner and/or customer requirements
- 45 percent list internal reporting requirements and 41 percent supporting company values
- 35 percent list the risk of fines or class action lawsuits as the top driver, and 18 percent the risk of negative media coverage
To download the complete findings, please visit: trustarc.com/ccpa-research
To learn more about TrustArc CCPA solutions, visit: trustarc.com/products/ccpa-compliance
About the Research
The survey was fielded online from February 15 to February 27, 2019 to 250 IT and privacy/legal professionals with responsibility for privacy at companies in the United States required to meet CCPA compliance. Company size ranged from 500 to more than 50,000 employees from a cross-section of industries, including technology, manufacturing, business services and financial services and insurance.
TrustArc, the leader in privacy compliance and data protection for over two decades, offers an unmatched combination of innovative technology, expert consulting and TRUSTe certification solutions that together address all phases of privacy program management. The TrustArc Platform, fortified over eight years of operating experience across a wide range of industries and client use cases, along with our extensive services, leverage deep privacy expertise and proven methodologies, which have been continuously enhanced through thousands of customer engagements. Headquartered in San Francisco and backed by a global team across the Americas, Europe and Asia, TrustArc helps customers worldwide demonstrate compliance, minimize risk and build trust. For more information, visit the TrustArc website, blog and LinkedIn.