In both studies, the portions of respondents who were already compliant were similar: 8% for PossibleNow and 5% for IAPP/OneTrust. Overall, the results emphasize how difficult compliance is and how widely companies still vary in their progress toward regulatory readiness.
“Just as with GDPR [General Data Protection Regulation], a significant number of businesses are caught between the cost and the effort of complying with CCPA and the probability of enforcement actions against them,” said Eric Tejeda, head of marketing at PossibleNow, in a statement.
Companies with annual gross revenues of $25 million or more, those that buy or sell more than 50,000 individuals’ data, and those that make more than half their annual revenues from selling customer data need to comply with CCPA’s requirements.
For businesses that fail or refuse to comply, fines can be steep. The CCPA states that companies can be penalized $2,500 for each record of unintentional violation and $7,500 for each record of intentional violation. While such amounts might seem minimal, keep in mind that individual companies failing to protect customer data and meet CCPA guidelines could be on the hook for hundreds, thousands or even millions of data records.
“CCPA compliance is a real financial and resource strain for many companies,” said Lauren Fisher, eMarketer principal analyst. “But like we’re seeing with GDPR, I think we’ll also see that companies that fail to make the investment now are going to have to put only more work and effort in down the line.”