Companies Unprepared for Strict CCPA/CPRA (Enforcement Beginning January 1, 2023) and GDPR with fines reaching into the multi-millions
By Peter McConnell | January 26, 2023 | Compliance
Research by CYTRIO, a SaaS data privacy compliance management platform, found that at the end of Q3 2022, 92% of 9827 companies surveyed that must comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are not prepared to meet the acts' privacy rights compliance requirements enforceable on January 1, 2023. Under the threat of major non-compliance penalties, 52% stated they need to comply with CCPA but do not provide a mechanism for consumers to exercise their data privacy rights, while 39% of these companies are using expensive, inefficient and error-prone manual processes. Only 8.2% are using a Data Subject Access Request (DSAR) management automation solution. The first enforcement action under CCPA included Sephora being fined $1.2 million (August 2022) for selling consumers’ personal information to online tracking companies without their consent and not honoring requests to opt out of sales made through user-configured privacy measures.
CYTRIO’s research also found that at the end of Q3 2022, nearly 91% of companies that must comply with GDPR are not prepared to meet the GDPR privacy rights compliance requirements when managing DSARs. The majority of companies are using expensive, inefficient and error-prone manual systems, with only 8.8% using a DSAR management automation solution. GDPR continues to be actively enforced, with fines totaling in excess of $2.4 billion as of September 2022 and the total number of fines reaching 1,304.
Source: https://cytrio.com/4th-state-ccpa-gdpr-compliance/
This research highlights an inherent problem in many compliance departments: the growth of ad-hoc practices supported by manual systems that are unreliable and prone to error. In a recent blog on this topic, I discuss how adopting practices from assurance groups like internal audit and the use of automated technology (Compliance Management System) can improve the reliability and security of the collection, recording, reporting and access to data for security and privacy needs and provide auditability for compliance assurance.