• by Ray Schultz , Columnist, February 15, 2023

Most firms are still not fully prepared for GDPR and state laws in the U.S. And progress is creeping along slowly, judging by the 5th State of CCPA & GDPR Privacy Rights Compliance Research Report—Q4, 2022, a study by Cytrio.

Of the companies studied, 92% are unprepared for the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). But that depends on how you define “prepared.”

The study deems that only firms that are automated are adhering to the laws.  

In that way, only 8.2% are fully compliant — they process consumer requests by automation. But 38.68% use costly manual compliance and 53.2% are simply non-compliant.  

Things have not changed: only 8.2% were fully compliant in Q3 2022.  

In Q3 2022, 52.34% were non-compliant, while 39.46% were pursuing manual compliance and 8.2% were fully compliant. So things have not changed much.  

Moreover, 91.22% of companies are not fully adhering to GDPR. Only 8.78% are complying.  

There are several variables when it comes to state law. One is locale. 

Firms based in California seem to be the most compliant with CCPA and CPRA, as well they should be. And the curve is rising:  Of the firms analyzed, 211 were fully compliant in Q4, compared to 179 in Q3. New York also was a leader in local compliance, but Texas was not. 

It also is based on company size: 7.09% of firms with fewer than 1,000 employees were fully compliant with CCPA in Q3. But 9.84% of enterprise firms — those with more than 1,000 on staff--were compliant in Q4, up slightly from Q3.  

It also depends on the type of company. B2C companies actually showed a decline in compliance — from 9.53% in Q3 to 8.93% in Q4. In the case of B2B, 7.13% were compliant in Q3 and 7.53% in Q4. 

There is hope overall. “We observed 4% of companies that were using manual processes in Q1 2022 moved to compliance automation solutions, while 11% of non-compliant companies moved to a manual process to comply with CCPA,” the study notes. 

The findings are based on two waves of research: For its prior study in 2022, Cytrio studied 8,927 mid-to-large U.S. companies with revenues of $25 million to $5+ billion. 

For the Q4 results in this report, Cytrio added an additional 1,521 companies. The ongoing research has included 11,358 firms.