More than half of general counsel at technology companies say they are unprepared for new privacy regulations coming in around the world, according to a survey by data privacy compliance company Ethyca and US membership group TechGC.

Some 56% of 218 GCs who took part in the survey said they are not ready for the slew of new global privacy regulations, including the California Consumer Privacy Act (CCPA), which came into effect at the start of the year. Just 31% said they felt prepared for the new regulations.

Cillian Kieran, CEO of Ethyca, said: “The pandemic has thrown the world into chaos but these survey results indicate that concerns over privacy have remained a constant. Current circumstances have not lessened the urgency of compliance, especially to CCPA.”

The California attorney general’s office can impose civil penalties of $2,500 each time a company mishandles customer data or $7,500 for each intentional violation. Some 43% of GCs said their companies had de-prioritised CCPA preparedness due to the coronavirus pandemic, despite the attorney general’s office pushing ahead with plans to start enforcing fines from this month.

Almost half of respondents said that a lack of resources and expense was the biggest challenge to reaching compliance, while just under a third attributed it to the increasingly complex privacy laws. About one in 10 GCs said getting internal buy-in was the top challenge.

Kieran added: “Even for businesses committed to doing privacy well, it can be a real challenge to get your head around the multitude of requirements of the various regulations emerging around the globe.”

Against this backdrop, 57% of GCs said they will spend more on privacy and compliance this year. Only 6% said they would spend less on privacy.

Almost three-quarters of respondents said the increasing number of privacy regulations globally makes it difficult to comply, while almost a fifth said it was impossible.

Just over half of respondents said CCPA was the most challenging privacy law for their businesses, while 42% said it was GDPR.

The respondents were heads of legal at venture-backed private companies, public companies, PE-backed companies, funds and other private companies.

Last month, a Linklaters study showed that GDPR data breach notifications were on the rise across major European economies, jumping 66% over the past year.

Further reading on data and privacy

Privacy fears move up global GCs' agendas as business confidence edges up — Poll shows fall in number of GCs who think Covid-19 impact will be severe amid concern over lockdown easing guidance

US company leaders admit value of data is tempting businesses to sidestep rules, survey finds — Survey shows 78% of respondents believe companies willing to take risks to unlock greater value despite privacy concerns

US company leaders admit value of data is tempting businesses to sidestep rules, survey finds — Survey shows 78% of respondents believe companies willing to take risks to unlock greater value despite privacy concerns

US companies lack resources to check on data privacy compliance, survey finds — More than half of respondents unsure if they are fully compliant with new regulations