Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant

BOSTON — Feb. 15, 2023 — CYTRIO, a next-generation data privacy compliance company, released its latest research report from Q4 2022 on companies’ preparedness to comply with the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the European Union’s General Data Protection Regulation (GDPR). The fifth report shows that as of December 31, 2022, 92% of companies across all verticals, states, and business sizes are still unprepared for CCPA and CPRA, and 91% are unprepared for GDPR, using time consuming and error prone manual processes. CPRA and employees’ rights to exercise data privacy went into effect on January 1, 2023, requiring companies to deploy a CCPA/CPRA and GDPR compliance management solution to avoid fines and penalties.

“The requirements that companies are facing today related to data privacy regulations are steadily increasing,” said Vijay Basani, founder and CEO of CYTRIO. “As the California Privacy Protection Agency (CPPA) turns its attention to CPRA enforcement, we will see a significant increase in enforcement actions. Additionally, as was the case with GDPR, media coverage of increasingly higher numbers of enforcement actions will educate consumers regarding their data privacy rights resulting in consumer requests under CPRA. Companies need to act now to implement solutions to comply with CCPA, GDPR, and other data privacy regulations.”

GDPR continues to be actively enforced with fines totaling in excess of $2.5 billion and total number of fines under GDPR reaching 1,462 as of the end of Q4 2022.

Key findings of the research showed 53.2% of companies stated they need to comply with CCPA but do not provide a mechanism for consumers to exercise their data privacy rights. Further, 38.6% of companies are using expensive and error prone manual processes. Four percent of companies that were using manual processes in Q1 2022 moved to compliance automation solutions, while 11% of non-compliant companies moved to a manual process to comply with CCPA by Q4 2022, indicating companies are slowly moving up the CCPA/GDPR compliance maturity curve.

During Q4 2022, CYTRIO researched an additional 1,521 U.S. mid to large companies with revenues from $25 million to $5+ billion, bringing the total number of companies researched to 11,358 over five quarters. CYTRIO continued looking for trends among companies that were either non-compliant or partially compliant by comparing its compliance status to previous quarters.

This year, data privacy regulations go into effect in Virginia, Colorado, Utah, and Connecticut, while  several other states are expected to approve a data privacy regulation.

After Q3 2022 saw the first enforcement action under CCPA with Sephora being fined $1.2 million for violating the Do Not Sell My Information provision, last month, California Attorney General Rob Bonta announced a new enforcement sweep aimed at businesses with mobile apps and others that fail to comply with CCPA.


CYTRIO’s software-as-a-service (SaaS) data privacy compliance management platform helps organizations comply with data privacy regulations such as GDPR, CCPA, CPRA, VCDPA, CPA, and others. The company offers an all-in-one solution built on automation, AI-led data discovery, and automated response workflows. CYTRIO’s solutions are simple to deploy, deliver value in the first hour, and do not require dedicated privacy teams to manage. Learn more at www.cytrio.com and follow on LinkedIn and Twitter.

Related News

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

The primary targets of this phishing campaign are located in the Ukrainian regions of Crimea, Donetsk, and Lugansk, which were…
CyberSecure Announces Strategic Alliance

CyberSecure Announces Strategic Alliance

BETHESDA, Md., March 24, 2023 /PRNewswire/ — Cybersecure IPS and LockDown Inc. jointly announce that they have entered a strategic alliance to…
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own…