Only 13% of non-compliant companies in Q1 2022 moved to manual compliance status by Q2 2023 despite stringent CPRA enforcement beginning on July 1, 2023
BOSTON — Aug. 2, 2023 — CYTRIO, a next-generation data privacy compliance company, released its 6th State of CCPA & CPRA Privacy Rights Compliance report to understand how well U.S. companies have improved their preparedness over the last five quarters for meeting California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) compliance requirements related to Data Subject Access Requests (DSAR). CYTRIO examined 600 of the previously researched 11,000+ mid to large companies with revenues from $25 million to $5+ billion, identifying 6.67% of companies that were using manual processes in Q1 2022 moved to compliance automation solutions by Q2 2023, while 14.67% of non-compliant companies moved to either automated or manual compliance solutions.
“While the lack of active enforcement in the data privacy space seems to be resulting in slow movement toward compliance, our research shows that companies have in fact moved up the CCPA/CPRA compliance maturity curve from Q1 2022 to Q2 2023,” said Vijay Basani, founder and CEO of CYTRIO. “More changes are coming in data privacy compliance, including employees’ right to exercise data privacy in the expansive CPRA and active enforcement which began on July 1, 2023, which requires companies to deploy an effective and scalable CCPA/CPRA solution.”
California’s Attorney General Rob Bonta also launched a Consumer Privacy Interactive Tool to make it easy for consumers to send notice of non-compliance to companies for failing to post an easy-to-find Do Not Sell My Information link on their website. There are plans to expand this tool to cover other consumer rights under CCPA and CPRA.
Key findings of the research, as of June 30, 2023, showed the change in companies’ compliance status from Q1 2022 to Q2 2023, including:
- 33% of researched companies across all verticals, states, and business size that were non-compliant moved to manual CCPA/CPRA compliance solutions
- 33% of B2C companies moved from manual compliance to automated solutions
- 67% of B2C companies moved from non-compliant to manual compliance
- 8% of B2B companies moved from manual compliance to automated solutions
- 14% of B2B companies moved from non-compliant to manual compliance
The research also showed that 4.67% of companies with $25M to $100M in revenue moved from manual compliance to automated solutions, while 11.33% of companies with $25M to $100M in revenue moved from non-compliant to manual compliance between Q1 2022 to Q2 2023. Additionally, 8.67% of companies researched with less than $100M in revenue moved from manual compliance to automated solutions, while 15.33% of companies with less than $100M in revenue moved from non-compliant to manual compliance during the same time period.
CYTRIO’s Privacy UX platform provides cost-effective Consent and Preference Management and DSAR Intake Portal to help companies comply with CCPA and CPRA. Sign up for free at:
To access the full findings of CYTRIO’s most recent data privacy research, go to:
CYTRIO’s software-as-a-service (SaaS) data privacy compliance management platform helps organizations comply with data privacy regulations such as GDPR, CCPA, CPRA, VCDPA, CPA, and others. The company offers an all-in-one data privacy platform that unifies and delivers consent and preference management, DSAR management, do not sell my information, and policy templates to help businesses of all sizes comply with complex data privacy laws. CYTRIO’s solutions are simple to deploy, deliver value in a few minutes, and do not require dedicated privacy teams to manage. Learn more at www.cytrio.com and follow on LinkedIn and Twitter.
All trademarks recognized.