Today at International Association of Privacy Professionals’ (IAPP) Global Privacy Summit, OneTrust and the IAPP announced the results from joint research analyzing California Consumer Privacy Act (CCPA) preparedness in advance of the regulation’s Jan. 1, 2020 compliance deadline. OneTrust and the IAPP surveyed U.S. organizations spanning size and industry, and found that while reputation and consumer privacy are the biggest drivers for CCPA compliance, only 55% of companies plan to be ready by the law’s Jan. 1, 2020 effective date.

Download the research: Ready or not, here it comes: How prepared are organizations for the California Consumer Privacy Act?

The CCPA is the first of its kind U.S. consumer privacy law which broadly expands the data protection and privacy rights of California residents. The law, inspired by the EU’s General Data Protection Regulation (GDPR), requires organizations that do businesses in the state to undertake significant operational reform to meet the increased obligations of handling California consumer personal data.

In the first of three planned reports this year to assess CCPA readiness overtime, the OneTrust-IAPP research revealed most organizations still have a long way to go toward compliance. Key findings from the research found:

  • Only 55% of those surveyed plan to be ready for the CCPA on its enforcement date: Jan. 1, 2020. Another 25% plan to be ready by July 1, 2020, the time California will begin enforcement actions.
  • The biggest reason organizations are underprepared is due to a lack of time, whereas the biggest motivator for compliance is company reputation.
  • GDPR readiness is paying off: companies with a “high” level of GDPR compliance have early target dates for CCPA compliance (59% will be ready by Jan. 1), while none of the organizations that report “low” GDPR compliance plan to be ready by this same date.
  • Federal preemption is unlikely: 47% of those surveyed believe a federal privacy law that preempts the CCPA will not be passed by Congress over the next year or two.

Given the haste with which the CCPA became law, as well as a number of drafting errors, many organizations seemed to have taken a wait-and-see approach to compliance. But now, with the law taking effect Jan. 1, 2020, and becoming enforceable July 1, 2020, it is clearly time for organizations to take a closer look at the CCPA and begin preparing toward compliance.

Download the full research report to learn more. For additional information, or to request a live OneTrust Privacy Management Software demo, visit or email [email protected]. To learn more about the IAPP, visit

Are you ready for the CCPA? Understand your readiness and get the best combination of technology, professional services, research, and community events with OneTrust’s Resources: 

Are you attending IAPP’s Global Privacy Summit? Make sure and visit OneTrust at booth 315 and attend our CEO, Kabir Barday and Raytheon’s Hugo Teufel III’s session that will discuss the importance of conducting risk assessments under global privacy laws and scenario-based approaches to risk assessments on Thursday, May 2nd at 2:00pm in Salon M, Level M4.