Compliance Report Shows More Than 90% of Companies Are Not Compliant
As CPRA went into effect on January 1, latest CYTRIO research reveals 91% of companies are still noncompliant with GDPR; 92% not compliant with CCPA and CPRA.
Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.
CYTRIO, a data privacy compliance company, released its latest research report from Q4 2022 on companies’ readiness to comply with the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the European Union’s General Data Protection Regulation (GDPR).
The report shows that, as of December 31, 2022, 92% of companies across all verticals, states, and business sizes are still unprepared for CCPA and CPRA and 91% are unprepared for GDPR. The report also shows that most companies are still using time-consuming and error-prone manual processes. CPRA and employees’ rights to exercise data privacy went into effect on January 1, 2023, requiring companies to deploy a CCPA/CPRA and GDPR compliance management solution to avoid fines and penalties.
“The requirements that companies are facing today related to data privacy regulations are steadily increasing,” said Vijay Basani, founder and CEO of CYTRIO. “As the CPPA turns its attention to CPRA enforcement, we will see a significant increase in enforcement actions. Additionally, as was the case with GDPR, media coverage of increasingly higher numbers of enforcement actions will educate consumers regarding their data privacy rights, resulting in consumer requests under CPRA. Companies need to act now to implement solutions to comply with CCPA, GDPR, and other data privacy regulations.”
GDPR continues to be actively enforced with fines totaling over $2.5 billion and total number of fines reaching 1,462 as of the end of Q4 2022.
Key findings of the research show 53.2% of companies stated they need to comply with CCPA but do not provide a mechanism for consumers to exercise their data privacy rights. Further, 38.6% of companies are using expensive and error-prone manual processes. Four percent of companies using manual processes in Q1 2022 moved to compliance automation solutions; 11% of noncompliant companies moved to a manual process to comply with CCPA by Q4 2022, indicating companies are slowly moving up the CCPA/GDPR compliance maturity curve.
During Q4 2022, CYTRIO researched an additional 1,521 mid-sized to large U.S. companies with revenues from $25 million to over $5 billion, bringing the total number of companies researched to 11,358 over five quarters. CYTRIO continued looking for trends among companies that were either noncompliant or partially compliant by comparing their compliance status to previous quarters.
This year, data privacy regulations go into effect in Virginia, Colorado, Utah, and Connecticut. Several other states are expected to approve a data privacy regulation.
After Q3 2022 saw the first enforcement action under CCPA with Sephora being fined $1.2 million for violating the Do Not Sell My Information provision, last month, California attorney general Rob Bonta announced a new enforcement sweep aimed at businesses with mobile apps and others that fail to comply with CCPA.
To view an infographic summarizing CYTRIO’s research findings, visit: https://cytrio.com/wp-content/uploads/2023/02/CYTRIO-2022-Q4-Infographic.png
To access the full findings of CYTRIO’s most recent data privacy research, go to https://cytrio.com/ccpa-research-report-q4-2022/ (short registration required).