Despite enforcement of the California Consumer Privacy Act coming online earlier this month, many companies are still struggling to comply with the far-reaching state regulation. But it’s not just a lack of understanding about the CCPA’s requirements that is holding them back. It’s also a lack of automation and factors outside their control, according to a new survey of 121 U.S.-based companies by cybersecurity and cloud services company Akamai.

Complying with CCPA requirements are still a somewhat manual process for many companies. Only around a third of survey respondents, for example, said they fully automated showing or allowing customers access to their personal data. Even fewer, 23%, did the same for customer requests to have their data deleted. However, 43% were able to fully automate customers opting not to have their personal data sold by the company.