TrustArc Blog

CCPA and GDPR Compliance Report: New Research Measures Compliance Status and Plans for CCPA and GDPR (Part 2 of 3)

April 10, 2019

The European Union’s (EU) General Data Protection Regulation (GDPR) has been occupying the minds of privacy professionals for the past two years and now attention is shifting to the California Consumer Privacy Act (CCPA). The CCPA is the toughest US privacy regulation to date and its impact will be felt by almost every organization that does business in California or handles personal information of California citizens.

To understand the readiness and plans for businesses to meet the January 1, 2020 deadline for the CCPA, Dimensional Research conducted this research among 250 US privacy professionals from Feb 15th – 27th, 2019. The online survey was fielded to IT and legal professionals at a fairly-evenly mixed target group of small (500 to 1,000 employees), mid-sized (1,000 to 5,000 employees) and large (over 5,000 employees) companies. Half the companies were subject to both the GDPR and CCPA, and the other half were only subject to the CCPA. A total of 250 executives, team managers and individual team contributors from companies in the financial services, technology, manufacturing, business services, energy and utilities, healthcare and other key industries completed the survey. All respondents were from the US.

Some sample questions we set out to answer with the survey were: Approximately how much of your GDPR program do you expect to leverage for the California Consumer Privacy Act (CCPA)? What areas will your company be investing in to prepare for CCPA? How much does your company expect to invest in CCPA-related privacy compliance expenses in 2019? How is the need for technology and tools used to manage data privacy changing at your company?

Part 1 of this 3 part blog post series discussed where companies are at in terms of CCPA compliance and how GDPR compliance has provided some companies with a head start. Read part one here.

Key takeaway # 2: 72% of companies plan to invest in technology to help prepare for the CCPA

As is evident from this survey, data protection management and compliance with the California Consumer Privacy Act (CCPA) will be a challenging task. Most companies are planning to invest in external resources including technology solutions and consulting services. Of the 250 respondents, 72% say that they are preparing to invest in Technology and Tools followed by 61% in Consultants, 55% in External legal expertise and 45% in Internal Hiring.

Companies are also expecting significant costs in order to comply with the CCPA: 71% of the respondents expect to spend more than six figures in CCPA-related privacy compliance expenses in 2019 – and 19% expect to spend over $1 million.

Download the full report here.

TrustArc has a comprehensive set of privacy management solutions to help you manage your data privacy management program. We have solutions to help you with all phases of CCPA and GDPR compliance. We can help you build a plan and processes; implement controls and tools; and manage and demonstrate ongoing compliance. Solutions include the TrustArc platform and consulting services. To learn more about how TrustArc solutions can help your company prepare for the CCPA, request a demo today!