Businesses prepare to spend heavily on CCPA compliance

The California Consumer Privacy Act (CCPA) is set to take effect January 1, 2020. While it’s a state-level law, California’s population and economic reach means it will effect businesses throughout the U.S. The regulation will require nearly every business that does business in California or handles California citizens’ personal data to be more transparent about data collection, use and dislosure.

There are talks to pass federal-level legislation that would supersede the California law and keep companies from potentially having to comply with a patchwork of state policies. Banking on that happening ahead of January 1, is a gamble, though. With less than a year to go, most businesses that will be impacted by CCPA are working toward compliance, according to a survey of privacy professionals.

Low rates of readiness. Just 14 percent of respondents said their businesses are CCPA compliant. Sixteen percent have not even started the process toward compliance. The remaining 72 percent are in various stages of progress.

Half of the 250 small, mid-sized and large companies surveyed were subject to both GDPR and CCPA, the other half were subject to CCPA only. Dimensional Research conducted the survey on behalf of TrustArc, notably a data protection services firm with an interest in these findings.

GDPR advantage. Not surprising, companies that worked on compliance with the EU’s General Data Protection Regulation (GDPR), which took effect last May, have a leg up. Twenty-one percent of those companies report being CCPA compliant compared to just 6 percent of companies who did not work on GDPR.

Half of those that have GDPR programs said they plan to use more than half of those programs for CCPA.

Six-figure+ compliance expenditures expected. More than 70 percent of respondents expect to spend more than $100,000 on CCPA-related compliance expenses this year. Nearly 20 percent plan to spend more than $1 million.

Planned investments are lower for those that already have GDPR programs, with 61 percent planning to spend more than six figures on CCPA compliance, compared to 79 percent of respondents that don’t have GDPR programs.

Why you should care. The survey captured overall sentiment around the need for data privacy management technology. Seventy-two percent of respondents said their companies will be investing in additional technology and tools to prepare for CCPA.  Nearly 90 percent said the need for technology and tools to manage data privacy is increasing, with 30 percent saying it’s becoming significantly greater.

While these budgets may not directly impact marketing, depending on budgeting structures, understanding how the regulation and corresponding technology requirements will impact marketing’s use of data — including managing cookie consent — will be important.