informa
/
Commentary

Businesses Aren’t Ready for California’s Data Privacy Act

A year and a half after GDPR, California’s own data privacy act will soon go into effect, but many businesses are unprepared. How can they get there?

A year and a half ago, the General Data Protection Regulation (GDPR) — the world’s most far-reaching data privacy regulation — came into effect across the European Union. At the time, many affected companies both in and outside of the EU were caught unprepared, but the regulation did bring in changes in how data privacy was handled at many organizations and likely inspired future regulations.

Next up: the California Consumer Privacy Act. The final round of amendments for the CCPA finished in September, and the law takes effect on Jan. 1, 2020. When that happens, the same scenario that saw GDPR arrive with many organizations still unprepared looks likely to repeat itself. According to research from eMarketer done in July 2019, only 8% of U.S. businesses said they were prepared and only 34% said they expected they would be before the regulations came into effect.

The last round of changes to the law did give some reprieve to those who find themselves unprepared. The amendments to California’s data privacy act reduced the scope of the law, more concisely regulating consumer-facing activities, said Aaron Shum, practice lead in security, risk and compliance at Info-Tech Research Group.

Read the rest of Terri Coles' article on the CCPA on InformationWeek's affiliate site ITPro Today.