The California Consumer Privacy Act (CCPA) and its right of access are less than a month from coming into effect on January 1, 2020. However, the 2019 Compliance Benchmark Report from data solutions provider Talend indicates that many companies may still be struggling with a similar provision as it exists under the EU's General Data Protection Regulation (GDPR).

Whether or not this spells trouble for the ability of companies to respond to data subject access requests made under the CCPA may depend less on an entity's proficiency with the GDPR and more on the cultural differences between the U.S. and EU.

Talend surveyed 103 companies worldwide operating in various industries that include financial services, media, the public sector and education. One major takeaway was that 58% of respondents were unable to meet data access and portability requests within the one-month time limit established for the GDPR.

While various privacy laws may approach the concept differently, in general data subject access requests allow someone to view or request a copy of all the information an entity may have collected about them. Jean-Michel Franco, director of data governance at Talend, called it the aspect of GDPR compliance that requires the most maturity on behalf of an organization's compliance efforts.

"You need to make sure that you have your data in one place and can access it seamlessly to share with a customer," Franco said.

He ventured that entities may be struggling with answering requests on time either because of a failure to put the necessary organizational structures in place or not making use of software that can help automate the process.

Still, some entities may be demonstrating a growing sophistication with their approach to satisfying data subject requests. For example, 32% of the respondents who failed to provide the necessary data within 30 days in 2018 reported that they were able to do so in 2019—which is potentially good news for the CCPA.

Franco pointed to the fact that the CCPA even allows up to 45 days for entities to comply with a request.

"We believe that companies are really compliant with the GDPR, [CCPA compliance] it will be pretty easy for them," Franco said.

However, there's a good chance that it won't be nearly that straightforward. In fact, companies in the U.S. who are privy to the CCPA may actually not have all that much experience with data subject requests to begin with.

Mark Schreiber, a partner with McDermott Will & Emery, said that in the build-up to the launch of the GDPR, there was a lot of concern surrounding the potential volume of data subject access requests that would be made. Those fears ultimately didn't pan out once the GDPR came into effect in May 2018.

"Statistically speaking, we're not seeing nearly as much of that as we thought we would be," Schreiber said.

But that doesn't mean that there won't be a higher number of data subject access requests made under the CCPA. Schreiber pointed to cultural and historical differences between the U.S. and EU—the former being more litigious in nature—which could see additional requests flowing in the direction of companies holding California citizens' data.

"The data collection issues that have had vigorous prior class action litigation in California are significant," Schreiber said.

Further complicating matters for companies, Schreiber expects that other states exploring privacy regulations will echo California's approach, including a right of access. Franco at Talend expects the same on a global level.

"I have not seen a recent regulation where [right of access] is not there," Franco said.