Commentary

Homegrown GDPR: Firms Gear Up To Deal With Tough California Law

Marketers are getting ready to comply with the California Consumer Privacy Act (CCPA), and many will spend big money. But they are not yet ready, according to the CCPA and GPR Compliance Report, a study conducted by Dimensional Research for TrustArc. 

Only 14% are fully compliant at this time. Yet 84% have at least started the process, and 56% have begun implementation. 

The law, which affects any business selling to California consumers, takes effect next January 1. 

Of the 250 executives polled, 71% expect to spend in the six figures, and 19% say they will spend $1 million on more on compliance. 

Drilling down, 26% foresee spending $100,000, 32% from $100,000 to $500,000, 20% between $500,000 and $1 million, 15% between $1 million and $5 million and 4% more than $5 million. The remaining 3% predict no spending.

As for where the money will go, 71% will invest in technology, and 55% in external legal experience, 45% on internal hiring and 61% on consultants.

advertisement

advertisement

And 5% are making no CCPA investments.

Firms that are also complying with the EU’s GDPR have an advantage: The study shows that 79% of the firms that have to comply with CCPA only expect to spend more than six figures, versus 61% of the firms faced with both CCPA and GDPR.  

Of  the sample, 50% are concerned with the CCPA only, and 50% with both CCPA and GDPR.

“Companies that took the steps to comply with GDPR are already ahead of the game and will have an easier path to meet the requirements of CCPA,” states Chris Babel, CEO of TrustArc. “The companies that did not work on GDPR compliance will be under the gun to implement scalable compliance processes by the January 1, 2020 deadline.”

Meanwhile, 89% see an increasing need for tools and technology for managing data privacy, and 30% say it is significantly greater.

That said, firms have a variety of reasons or investing in CCPA compliance:

  • Meet customer/partner/other third-party expectation/requirement — 62%
  • Meet internal reporting requirements (including board of directors) — 45% 
  • Support our company values — 41% 
  • Fines or class action lawsuit — 35% 
  • Differentiate vs. competitors —23% 
  • Negative media coverage — 18%

What kind of outside help will they need? They require:

  • Technology and tools to automate and operationalize privacy management — 45% 
  • Legal assistance to understand CCPA requirements — 44%
  • Consulting to design our program — 43%
  • Consulting assistance to implement our program — 39%
  • Legal or consulting help developing new policies an processes — 25% 
  • We do not need additional help in any area — 12%

 

 

Next story loading loading..