The California Consumer Privacy Act (CCPA) has arrived, and businesses are bracing for the financial impacts. Every company’s risk and compliance posture is different, and each company’s data footprint is unique, so the cost of compliance will range from company to company. Generally, estimates from the California Department of Justice project that compliance will cost up to $50,000 for small businesses and $2 million for companies with more than 500 employees. This totals a forecasted $55 billion in initial expenses to operationalize the new requirements.
Many businesses are not ready, not equipped with necessary budget to implement new privacy practices, or both. The CCPA is forcing tens of thousands of companies doing business in California to introduce new processes, new technologies and new policies across business units and the hierarchy of their organization. Some of the most challenging aspects of achieving compliance include enabling and responding to data rights requests, managing consent and documenting data sales.
California state Attorney General Xavier Becerra has said that enforcement will likely not kick in until July. Authorities plan to use the first six months to keep an eye on how companies are responding to the new law, and working with businesses to ensure they understand it. Still, companies should not consider this a grace period—the law is now officially in affect, and enforcement is looming for organizations not acting in good faith. More, while larger companies are likely to be the initial targets of enforcement once it ramps up, mid-sized and small companies are subject to the law. As we’ve seen with GDPR (which to date has cost the Fortune 500 an estimated $7.8 billion), smaller organizations shouldn’t expect to fly under the radar.
Our team provides a range of services to guide companies of all sizes through the ins and outs of the CCPA. Learn more about the requirements, steps to achieve compliance and how we can help here: FTI Consulting CCPA brochure.
Watch Andrew’s recent interview with CNBC Squawk Box on the impacts of CCPA here.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.