Mid-2022 Research from CYTRIO Shows Most Companies Remain Exposed to CCPA and GDPR Compliance Fines

As enforcements begin to take effect, 91% of companies are not prepared for CCPA privacy compliance; 94% are not prepared for GDPR, risking enforcement penalties

BOSTON–(BUSINESS WIRE)–#ADPPACYTRIO, a next-generation data privacy compliance company, has published the findings from the largest research in the market to-date on the state of companies’ readiness to comply with the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and the European Union’s General Data Protection Regulation (GDPR). The research indicates that as of June 30, 2022, 91% of companies across all verticals, states, and business size that must comply with CCPA are still not prepared to meet the CCPA privacy rights compliance requirements. Further, 94% of companies that must comply with GDPR are ill prepared to meet the GDPR privacy rights compliance requirements.

“The majority of companies that must meet CCPA, CPRA, and GDPR compliance have a long way to go, and with enforcements looming, many are exposed to compliance enforcement fines and private right-of-action,” said Vijay Basani, founder and CEO of CYTRIO. “Through our ongoing research, we aim to educate the market on the importance of data privacy rights compliance, the need to enable consumers to easily exercise their data privacy rights, and how companies can build trust with their customers leveraging automated Data Subject Access Request (DSAR) submission and response solutions.”

During Q2 2022, CYTRIO researched 1,525 companies, bringing the total number of U.S. mid to large companies with revenues from $25 million to $5+ billion researched to 8,270 since Q3 2021. CYTRIO’s Q1 research found 90% of companies were not fully compliant with CCPA and CPRA DSAR requirements and 95% of companies were using error prone and time consuming manual processes for GDPR compliance.

The Q2 research also revealed that more than 50% of companies that acknowledge in their privacy policy they need to comply with CCPA do not provide a mechanism for consumers to exercise their data privacy rights. Companies are slowly shifting up in the compliance maturity curve with 3.5% of companies that were using manual processes in Q1 2022 moved to compliance automation solutions, while 6% of non-compliant companies moved to a manual process to begin compliance with CCPA.

Other observations from the Q2 research includes:

  • 22% of companies stated they need to comply with both CCPA and GDPR, an almost 6% increase from the Q1 2022 cohort.
  • The trend of larger companies (1,000+ employees) deploying automated solutions at a slightly higher rate than smaller companies (less 1,000 employees) continues, though the vast majority are unprepared for compliance.
  • Though CCPA is agnostic to industry verticals, the top three most compliant verticals remained the same from the end of Q1 2021 to the end of Q2 2022: Business Services, Retail, and Finance, making up 55% of the companies researched.
  • B2C companies are more likely to deploy an automation solution and are better prepared to comply with CCPA data privacy rights. More than 52% of B2B companies do not provide a mechanism for consumers to exercise their data privacy rights compared to 47% of B2C companies.

Data privacy rights are becoming more urgent as the expansive CPRA that goes into effect on January 1, 2023 requires companies to deploy an effective and scalable CCPA compliance management solution.

CYTRIO will be sharing the latest research findings along with a panel discussion on the American Data Privacy and Protection Act (ADPPA) and CCPA with data privacy industry experts Michelle Finneran Dennedy, CEO of PrivacyCode, Inc. and Divya Sridhar, Senior Director at Data Protection Policy on Thursday, July 28, 2022. To learn more, register for the webinar, “The Hidden Truth about Data Privacy Compliance Preparedness: Are you Ready for CCPA and GDPR?” at:


To access the full findings of CYTRIO’s most recent data privacy research, go to:



CYTRIO’s software-as-a-service (SaaS) data privacy compliance management platform helps organizations comply with data privacy regulations such as GDPR, CCPA, CPRA, VCDPA, CPA, and others. The company offers an all-in-one solution built on automation, AI-led data discovery, and automated response workflows. CYTRIO’s solutions are simple to deploy, deliver value in the first hour, and do not require dedicated privacy teams to manage. Learn more at www.cytrio.com and follow on LinkedIn and Twitter.

All trademarks recognized.


Tracy Wemett




error: Content is protected !!