A dismaying 91% of companies are unprepared — or only partially prepared — for the California Consumer Privacy Act (CCPA) and 94% with the GDPR, according to State of CCPA & GDPR Rights Compliance Report 2022, a study released Tuesday by Cytrio.
But there has been progress: 3.5% of firms that were using manual processes to comply have moved to automation tools, and 6% of non-compliant firms are now using manual processes, the report states.
Of the firms not fully compliant with CCPA, 42.46% are somewhat complaint, meaning that they use manual processes, as this study sees it.
Among other problems, 50% fail to provide a mechanism for consumers to exercise their data-privacy rights, although they acknowledge the need for compliance in their privacy policies.
As for GDPR, only 6.23% use automation and 93.77% rely on “error prone and expensive” manual processes that poorly equip them to manage Data Subject Access Requests.
Both B2B and B2C companies are ill-prepared, but B2C firms are more likely to deploy automation — 9.79% do so, compared with 7.94% in B2B. And 52% of B2B companies do not provide a mechanism for individuals to exercise their data privacy rights, versus 47% for B2C.
Meanwhile, 22% of companies say they need to comply with both CCPA and GDPR, almost a 6% increase from Q1 2022.
Predictably, larger companies—those with more than 1,000 employees—are more likely to deploy CCPA data rights management automation solutions than mid-sized firms. Larger outfits receive a higher number of requests because they process more PI.
Texas, California and New York remain the most compliant states, representing 32.5% of total companies.
Cytrio researched 1,525 companies during Q2. In addition to 6,745 companies that were studied during Q1.
bringing the total number of U.S. mid to large companies with revenues from $25 million to $5+ billion researched to 8,270 since Q3 2021