SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Big Data
#
BI
#
Compliance
90% of companies still not compliant with data privacy acts
Wed, 27th Apr 2022
FYI, this story is more than a year old
Author image
By Catherine Knowles, Journalist
Follow us

As of 31 March 2022, 90% of companies are not fully compliant with CCPA and CPRA Data Subject Access Request (DSAR) requirements, despite growing pressures on companies to adhere to requirements.

On top of this, 95% of companies are using error prone and time consuming manual processes for GDPR DSAR requirements.

This is according to CYTRIO's independent research it conducted during Q1 2022 on the state of companies' readiness to comply with the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the European Union's General Data Protection Regulation (GDPR).

CYTRIO founder and CEO Vijay Basani says, “Our continuous research confirms that first generation privacy rights management solutions have not gained wide adoption due to cost and deployment complexity, resulting in a high percentage of CCPA non-compliance."

Basani continues, "This problem will become more pronounced as CPRA enforcement takes effect in 2023 with the stringent 12-month lookback. Awareness of their data privacy rights by consumers coupled with the rise of data aggregators is driving an increased number of data requests.

"As the California Privacy Protection Agency (CPPA) begins active enforcement of CCPA and CPRA, non-compliance to DSAR requests will become cost prohibitive for both medium and large sized companies.

CYTRIO's findings showed that only 11% of companies surveyed were fully meeting CCPA requirements, while 89% of companies were either non-compliant or somewhat compliant.

From January to March, CYTRIO researched an additional 1,570 companies for CCPA and GDPR DSAR compliance, bringing the total to 6,745 companies to date.

This most recent research shows only 10% of companies have deployed an automated CCPA DSAR management solution.

Additionally, B2B and B2C companies of all sizes are equally and poorly unprepared for CCPA compliance, and B2B and B2C companies are also woefully unprepared for GDPR compliance, despite the regulation going into effect in May 2018 with $1.8 billion fines levied as of March 2022.

CYTRIO also finds that from Q4 2021 to Q1 2022, the top three most compliant verticals remained the same with business services, retail, and finance making up 54% of the companies researched.

A key observation in this research was that DSARs coming from data aggregators are increasing in frequency and volume with the majority of requests being Right to Delete (Erasure). To be in compliance, companies must respond to these requests in a timely manner.

CYTRIO's software-as-a-service (SaaS) data privacy rights management platform is designed to help organisations comply with data privacy regulations such as CCPA, CPRA, VCDPA, CPA and others. The company offers a solution built on automation, AI-led data discovery and automated response workflows.

The solutions are designed to be simple to deploy, deliver value from day one, and do not require dedicated privacy teams to manage.

Related stories
Genetec unveils Security Center SaaS for cloud & hybrid deployments
The rising threat of search engine ad abuse
Malwarebytes launches free Digital Footprint Portal to protect personal data
Cybersecurity services market to hit $445.3 billion by 2032
Kaspersky's VPN outshines peers in AV-TEST's independent evaluation
Top stories
Booming AI deepfake detector market set to hit USD $5.7 million by 2034
Biometrics market projected to reach USD $173.7bn by 2032, says report
Check Point boosts email security with new AI-powered features
SentinelOne makes it to CRN's inaugural AI 100 list
Upwind fortifies Cloud Security Platform with identity security