Why CCPA Readiness Doesn’t Have to Break the Bank

Why CCPA Readiness Doesn’t Have to Break the Bank
Photo by Michael Longmire on Unsplash

“Our current team doesn’t have the bandwidth to prepare for CCPA, and we can’t afford to staff up a task force.”

“We contacted one of the big consulting firms and the price they quoted was outrageous.”

“We figure it’s more cost-efficient to ignore it and take our chances of getting hit with a fine.”

When we talk to companies about their plans to prepare for the California Consumer Protection Act (CCPA), these are just a few of the cost-based reasons they give for not implementing a readiness plan. Before making a financial decision on CCPA readiness, it’s important to consider the true costs of not taking action ... and to understand that the cost of preparing may not be as high as you thought.

The High Costs of Doing Nothing

When some companies run CCPA readiness through a cost-benefit analysis, they may define “costs” as potential fines they could face if the state discovered a violation or if California residents sued for damages following a data breach. While these potential monetary outlays are important considerations, they don’t cover the full spectrum of what a do-nothing strategy could cost the company. These costs include

  • Lost business opportunities: Firms have started requiring CCPA readiness as a condition for entering business partnerships.
  • Lost customers: Consumers are intensely aware of how providers are handling their personal data, and they may cut their ties with those who fail to comply with data privacy laws.
  • Damage to brand reputation: Your brand is continuously being judged in the always-on, always-connected “court” of social media. Brands who fail to comply with CCPA could see their online reputations suffer, and regaining public trust will not be a quick or easy task.
  • The even higher costs of “rush” readiness programs: If an “emergency” situation arises that requires you to become CCPA-ready within a short time frame, the cost of doing so will be considerably higher than it would have been if you had prepared in advance.
  • Lack of preparedness for future data privacy laws: More jurisdictions are enacting data privacy laws that mirror the GDPR/CCPA model, and we almost certainly will see a U.S. federal law in the near future. By preparing for CCPA now, you can lay a foundation that will give you a head start on preparing for future data privacy legislation.

How to Get Ready Without Breaking Your Budget

Now for the good news: getting ready for CCPA doesn’t have to require a huge budget allocation. Before you start allocating funds, keep the following tips in mind:

  • Understand how the law applies to you: Taking time at the outset to understand the requirements and how they apply to you can save you time, effort, and money down the road.
  • Start with what you have: Chances are you already have many of the necessary structures, policies, and procedures in place to prepare for CCPA. Determine which assets you have and what you need to do to align them with the law’s requirements.
  • Prioritize your plan of action: Once you know what you have to do, identify the areas of greatest risk and address those first, then work your way down your list in order of priority.
  • Bring in help where you need it: Identify areas where bringing in outside resources could help you save time and money and make some inquiries. If we can answer any questions, feel free to give us a call.

To learn more about preparing for CCPA and other data privacy laws, watch the replay of our webinar The No-BS Guide to Data Privacy in 2019 … and Beyond.

Connect with the authors:

We're Here to Help

Questions about how to prepare for CCPA? Get the answers you need in a complimentary 15-minute call with one of our data privacy experts:


Jill Reber and Kevin Moos, January 2019

View more articles by and