5th State of CCPA, CPRA and GDPR Compliance Report shows more than 90% of companies are not compliant
Boston, MA, Feb. 15, 2023 — CYTRIO, a next-generation data privacy compliance company, released its latest research report from Q4 2022 on companies’ preparedness to comply with the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the European Union’s General Data Protection Regulation (GDPR). The fifth report shows that as of December 31, 2022, 92% of companies across all verticals, states, and business sizes are still unprepared for CCPA and CPRA, and 91% are unprepared for GDPR, using time-consuming and error-prone manual processes. CPRA and employees’ rights to exercise data privacy went into effect on January 1, 2023, requiring companies to deploy a CCPA/CPRA and GDPR compliance management solution to avoid fines and penalties.
“The requirements that companies are facing today related to data privacy regulations are steadily increasing,” said Vijay Basani, founder and CEO of CYTRIO. “As the California Privacy Protection Agency (CPPA) turns its attention to CPRA enforcement, we will see a significant increase in enforcement actions. Additionally, as was the case with GDPR, media coverage of increasingly higher numbers of enforcement actions will educate consumers regarding their data privacy rights resulting in consumer requests under CPRA. Companies need to act now to implement solutions to comply with CCPA, GDPR, and other data privacy regulations.”
GDPR continues to be actively enforced, with fines totaling in excess of $2.5 billion and the total number of fines under GDPR reaching 1,462 as of the end of Q4 2022.
Key findings of the research showed 53.2% of companies stated they need to comply with CCPA but do not provide a mechanism for consumers to exercise their data privacy rights. Further, 38.6% of companies are using expensive and error-prone manual processes. Four percent of companies that were using manual processes in Q1 2022 moved to compliance automation solutions, while 11% of non-compliant companies moved to a manual process to comply with CCPA by Q4 2022, indicating companies are slowly moving up the CCPA/GDPR compliance maturity curve.
During Q4 2022, CYTRIO researched an additional 1,521 U.S. mid to large companies with revenues from $25 million to $5+ billion, bringing the total number of companies researched to 11,358 over five quarters. CYTRIO continued looking for trends among companies that were either non-compliant or partially compliant by comparing their compliance status to previous quarters.
This year, data privacy regulations go into effect in Virginia, Colorado, Utah, and Connecticut, while several other states are expected to approve a data privacy regulation.
After Q3 2022 saw the first enforcement action under CCPA with Sephora being fined $1.2 million for violating the Do Not Sell My Information provision, last month, California Attorney General Rob Bonta announced a new enforcement sweep aimed at businesses with mobile apps and others that fail to comply with CCPA.
To view an infographic summarizing CYTRIO’s research findings, visit: https://cytrio.com/wp-content/uploads/2023/02/CYTRIO-2022-Q4-Infographic.png
To access the full findings of CYTRIO’s most recent data privacy research, go to: https://cytrio.com/ccpa-research-report-q4-2022/