Security News > 2022 > April > Companies poorly prepared to meet CCPA, CPRA and GDPR compliance requirements
As of March 31, 2022, the findings uncovered that 90% of companies are not fully compliant with CCPA and CPRA Data Subject Access Request requirements.
Further, 95% of companies are using error prone and time consuming manual processes for GDPR DSAR requirements.
"Our continuous research confirms that first generation privacy rights management solutions have not gained wide adoption due to cost and deployment complexity, resulting in a high percentage of CCPA non-compliance," said Vijay Basani, CEO of CYTRIO. "This problem will become more pronounced as CPRA enforcement takes effect in 2023 with the stringent 12-month lookback. Awareness of their data privacy rights by consumers coupled with the rise of data aggregators is driving an increased number of data requests. As the California Privacy Protection Agency begins active enforcement of CCPA and CPRA, non-compliance to DSAR requests will become cost prohibitive for both medium and large sized companies."
The reserach showed that only 11% of companies were fully meeting CCPA requirements, while 89% of companies were either non-compliant or somewhat compliant.
From January to March, CYTRIO researched an additional 1,570 companies for CCPA and GDPR DSAR compliance, bringing the total to 6,745 companies to date.
B2B and B2C companies of all sizes are equally and poorly unprepared for CCPA compliance, and B2B and B2C companies are also woefully unprepared for GDPR compliance, despite the regulation going into effect in May 2018 with $1.8 billion fines levied as of March 2022.
News URL
https://www.helpnetsecurity.com/2022/04/29/ccpa-cpra-gdpr-readiness/