Gartner research: How to Prepare for the CCPA and Navigate Consumer Privacy Rights*

The California Consumer Privacy Act introduces new challenges when handling personal data and raises the baseline across the U.S. Security and risk management leaders should seize the opportunity to position their privacy program as a competitive advantage and not merely for compliance.


  • " Many organizations struggle to create a coherent data ecosystem caused in part by siloed environments and fragmented data management practices. Delivering the new subject rights requests (SRRs) under the California Consumer Privacy Act (CCPA) demands that organizations maintain up-to-date knowledge of the personal data held and the capacity to act on that knowledge.
  • Few organizations today possess the required capabilities for consent and preference management needed for CCPA compliance. Enabling individuals to monitor the collection, use and sharing of their personal data or to revoke consent for certain processing activities is a foundational requirement in preparing for the new law.
  • U.S. privacy law is sector-specific, context-specific, and at times inconsistent between federal and state mandates. Without federal and state regulatory harmony, the same “patchwork” will intensify in the wake of the CCPA. "

According to Gartner, Key Challenges are: 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Odaseva.

*Gartner "How to Prepare for the CCPA and Navigate Consumer Privacy Rights" 12 June 2019. Nader Henein and Lydia Clougherty Jones

© 2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates.