#Privacy: CCPA could cost organisations up to $55B in initial compliance costs

A report has revealed that California’s new privacy law could cost companies a total of up to $55 billion in initial compliance costs. 

According to an economic impact assessment prepared for the California Attorney General’s Office, it was discovered that companies with less than 20 employees could pay around $50,000 in compliance costs. 

Companies with more than 500 employees, could be paying an average of $2 million in initial costs, researchers have estimated. 

The total of up to $55 billion that researchers have estimated that companies will have to pay in order to become compliant is equivalent to 1.8% of California’s Gross State Product in 2018.

Additionally, the report identified that over the next decade, the total compliance costs could range from $467 million to more than $16 billion. 

“Total CCPA compliance costs are likely to vary considerably based on the type of company, the maturity of the businesses their current privacy compliance system, the number of California consumers they provide goods and services to, and how personal information is currently used in the business,” the researchers wrote. 

The California Consumer Privacy Act (CCPA) is set to come into effect on January 1, 2010, and is nearing its final approval this month, hence why the assessment has come about. 

Researchers estimated that CCPA would impact as many as 75% of California businesses with a gross revenue of at least $25 million, as well as companies that buy, sell and share the personal data of 50,000 consumers, devices, households or more. 

Although similar to the EU General Data Protection Regulation (GDPR), CCPA has a more focused segment of the economy, whilst the GDPR also touches on the personal data belonging to UK citizens. 

The researchers noted that the estimated $55 billion is just for starters, whilst the economic impact of CCPA is “expected to exceed $50 million per year once fully implemented.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/