Mark Zuckerberg, chief executive officer and founder of Facebook Inc. attends the Viva Tech start-up and technology gathering at Parc des Expositions Porte de Versailles on May 24, 2018 in Paris, France.

California's new privacy law could cost companies a total of up to $55 billion in initial compliance costs, according to an economic impact assessment prepared for the state attorney general's office by an independent research firm.

The review, released publicly by California's Department of Finance, provided a broad range for the potential costs companies could face to become and stay compliant with the California Consumer Privacy Act (CCPA) if signed into law by Democratic Governor Gavin Newsom.

On the low end, the researchers estimated that firms with fewer than 20 employees might have to pay around $50,000 at the outset to become compliant. On the high end, firms with more than 500 employees would pay an average of $2 million in initial costs, the researchers estimated. The $55 billion researchers estimated companies will initially pay to become compliant is equivalent to about 1.8% of California's Gross State Product in 2018, according to the report.

In addition, total compliance costs for all companies subject to the law could range from $467 million to more than $16 billion over the next decade, according to the report.

The assessment comes as amendments to the CCPA are nearing final approval this month. The law is set to go into effect on Jan. 1, 2020. The attorney general's office is tasked with defining regulations that will help companies understand the steps they need to take to comply.

The bill grants rights to California residents to be informed about how companies collect and use their data, and allows them to request their personal data be deleted, among other protections. The law would apply to all businesses in the state that generate annual gross revenue over $25 million; derive at least half of their annual revenue from selling customers' personal information; or that buy, sell or share personal information from at least 50,000 consumers, households or devices. Researchers estimated that as many as 75% of California businesses earning less than $25 million in revenue would be impacted by the legislation.

Lawmakers in Washington, D.C. are closely watching the legislation as they consider a federal privacy law. As states begin to take on their own privacy legislation efforts, tech executives like Facebook CEO Mark Zuckerberg have advocated for creating a nationwide policy. Setting one legal standard would likely be less costly and complicated for tech firms than a piecemeal approach to compliance.

Businesses operating in California could have a head start on tackling compliance costs should other state laws or a national policy take effect, according to the report. In the meantime, relatively few businesses will be hurt by having to compete with other firms that are not subject to California's protections.