The European Union’s (EU) General Data Protection Regulation (GDPR) has been occupying the minds of privacy professionals for the past two years and now attention is shifting to the California Consumer Privacy Act (CCPA). The CCPA is the toughest US privacy regulation to date and its impact will be felt by almost every organization that does business in California or handles personal information of California citizens.
To understand the readiness and plans for businesses to meet the January 1, 2020 deadline for the CCPA, Dimensional Research conducted this research among 250 US privacy professionals from Feb 15th – 27th, 2019. The online survey was fielded to IT and legal professionals at a fairly-evenly mixed target group of small (500 to 1,000 employees), mid-sized (1,000 to 5,000 employees) and large (over 5,000 employees) companies. Half the companies were subject to both the GDPR and CCPA, and the other half were only subject to the CCPA. A total of 250 executives, team managers and individual team contributors from companies in the financial services, technology, manufacturing, business services, energy and utilities, healthcare and other key industries completed the survey. All respondents were from the US.
Some sample questions we set out to answer with the survey were: Approximately how much of your GDPR program do you expect to leverage for CCPA? What areas will your company be investing in to prepare for CCPA? How much does your company expect to invest in CCPA-related privacy compliance expenses in 2019? How is the need for technology and tools used to manage data privacy changing at your company?
Our previous posts in this series discussed companies current CCPA compliance status and how companies plan to invest in order to achieve and maintain compliance.
Key Takeaway # 3: The top reason for investing in CCPA is to meet customer and partner expectations
As is evident from this survey, data protection management and compliance with the California Consumer Privacy Act (CCPA) will be a challenging task. Most companies are planning to invest in external resources. There are varying reasons for investing in CCPA compliance but the reason that tops the chart is to meet customer / partner requirements (62%). Other popular reason for investing in compliance are meeting internal reporting requirements, supporting company values, and fines or class action lawsuits.
The survey also reveals the fact that 88% of respondents will require help to meet CCPA compliance. 45% of whom need technology and tools to automate and operationalize privacy management.
Download the full report here.
TrustArc has a comprehensive set of privacy management solutions to help you manage your data privacy management program. We have solutions to help you with all phases of CCPA and GDPR compliance. We can help you build a plan and processes; implement controls and tools; and manage and demonstrate ongoing compliance. Solutions include the TrustArc platform and consulting services. To learn more about TrustArc solutions can help your company prepare for the CCPA, request a demo today!