Cost of complying with GDPR, CCPA and CPRA

Cost of complying with GDPR, CCPA and CPRA

With the explosion of devices and channels, businesses are collecting a lot of consumer data from a multitude of data sources. Due to this, consumer data is present across the enterprise in various systems It is estimated that on average companies with fewer than 1000 employees run an average of 22 applications, with many of these containing consumer data.

Generally, this consumer data across systems is not resolved and integrated to build a comprehensive view of all the interactions a consumer is having with a business. For example, a consumer may have visited a business’s website from her laptop as well as from her mobile phone and may have made a purchase when visiting from laptop. Then may have called in to customer support. And may have written a review and interacted with a Facebook post. In the process, a company may have collected a lot of personal data about the consumer, but all this data is sitting in different enterprise systems.

With digital interactions, collection and sharing of personal data has become very easy. And this has caused privacy issues with users getting followed across the web with behavioral ads targeting, and massive data breaches. Most of the time data and advertising companies are collecting user data from user interactions across multiple companies and stitching that together to build behavioral profiles that then help with advertising. But most of such data collection is done without the consumers even knowing about it. This has caused privacy concerns across the world, especially with the realization that companies like Google and Facebook have a lot of data on a significant population across the world.

That’s where data privacy regulations e.g. GDPR, an EU-wide regulation and CCPA (California consumer privacy act and its newer version California Privacy Rights Act) comes in. But these privacy regulations don’t apply just to Google or Facebook but to almost all companies. 

These regulations provide some fundamental rights to consumer privacy; e.g. right to request data, right to request deletion of the data, right to opt-in/opt-out of data collection, right to modify data etc.

The issue with such consumer privacy rights is that while companies like Google and Facebook have a much better consumer data management strategy, the average companies don’t. To effectively comply with these consumer rights, a company would need to have an integrated consumer data store.

But the current data privacy solutions look at this problem as a regulatory chore rather than an opportunity for resolving consumer data across various silos and unifying the enterprise consumer data. So, the current solutions become a cost center for a company where the company implements a solution with very poor consumer experience just to comply with the letter of law.

For example, if a consumer goes to a retailer’s website and wants to know what all data the retailer has on her, she would need to shift through fine print to find a link to request that data, fill a form, and then wait for one to twelve weeks. In the meantime, the company creates multiple tasks associated to that request and assigns to multiple data owners in the organization to ensure data is searched and then some team will combine, clean and review the data before sending it to the requester. The current solutions in the market are trying to optimize this workflow, but none-the-less this remains a cost center and a distraction from the core business.

Gartner estimates that it costs a company on average $1400 to serve one consumer data access request. And in EU, companies have been getting between 30-240 requests per month as part of the GDPR compliance.

The consumer data privacy compliance problem has to be looked at from the lens of the spirit of the law; that the company has a complete view into a consumer’s data stored across the enterprise, and is proactive in managing consumers privacy.

This is where LayerFive comes in. LayerFive’s Compliance 360 platform solves the core problem of scattered consumer data across the enterprise first. LayerFive’s innovative identity resolution system resolves consumer’s identities across both online and offline data sources using AI and builds a comprehensive user profile.

LayerFive then makes a version of this user profile available to the end user for self-serve privacy as part of the logged-in user’s account management function.  This not only saves cost, cuts long and resource intensive workflows, but also improves consumer experience many folds, and improves brand trust.

LayerFive integrates with Shopify and Magento; two of the most widely used e-commerce platforms and makes the privacy profile available to the logged-in consumer of an e-commerce vendor.

LayerFive can integrate with hundreds of enterprise platforms that keep consumer data and makes the overall implementation of the privacy compliance a breeze.

Want to find out how LayerFive could help your company comply with CCPA/CPRA or GDPR? Contact us at


Digital marketing compliance in the context of GDPR/CCPA

One of the biggest reasons consumer data privacy regulations exist today is the exponential increase in the amount of consumer…

LayerFive Advertising Analytics

Your Advertising Analytics Could be Misleading You

This the second in the series of “Ad Performance in the Cookieless World: Soar or Crash”. Here I explore how…


Ad Performance in the Cookieless World: Soar or Crash

Brands spend a lot of money on advertising and they have their own ways of measuring return on ad spend….

Want to get Started?

The free demo comes with no commitments and no credit card required.

Back To Top