Marketers are getting ready to comply with the California Consumer Privacy Act (CCPA), and many will spend big money. But they are not yet ready, according to the CCPA and GPR Compliance Report, a study conducted by Dimensional Research for TrustArc.
Only 14% are fully compliant at this time. Yet 84% have at least started the process, and 56% have begun implementation.
The law, which affects any business selling to California consumers, takes effect next January 1.
Of the 250 executives polled, 71% expect to spend in the six figures, and 19% say they will spend $1 million on more on compliance.
Drilling down, 26% foresee spending $100,000, 32% from $100,000 to $500,000, 20% between $500,000 and $1 million, 15% between $1 million and $5 million and 4% more than $5 million. The remaining 3% predict no spending.
As for where the money will go, 71% will invest in technology, and 55% in external legal experience, 45% on internal hiring and 61% on consultants.
And 5% are making no CCPA investments.
Firms that are also complying with the EU’s GDPR have an advantage: The study shows that 79% of the firms that have to comply with CCPA only expect to spend more than six figures, versus 61% of the firms faced with both CCPA and GDPR.
Of the sample, 50% are concerned with the CCPA only, and 50% with both CCPA and GDPR.
“Companies that took the steps to comply with GDPR are already ahead of the game and will have an easier path to meet the requirements of CCPA,” states Chris Babel, CEO of TrustArc. “The companies that did not work on GDPR compliance will be under the gun to implement scalable compliance processes by the January 1, 2020 deadline.”
Meanwhile, 89% see an increasing need for tools and technology for managing data privacy, and 30% say it is significantly greater.
That said, firms have a variety of reasons or investing in CCPA compliance:
What kind of outside help will they need? They require: