June 05, 2018 | Baltimore, Maryland: At the annual GRC Summit today, MetricStream Chief Evangelist, Dr. French Caldwell, announced the findings of the latest MetricStream Research survey report, GDPR: Are Enterprises Ready to Protect Personal Data? The global survey gathered the perspectives of 120 respondents from 100+ enterprises and 20 different industries. Four primary areas of GDPR compliance were covered, including the state of GDPR awareness, preparedness, and readiness, as well as compliance challenges, benefits, and spend.

Key findings

Most enterprises did not expect to be fully compliant by the May 25 deadline

Only 39% of the respondents reported having a well-defined plan to be GDPR compliant by the May 25 deadline, while 5% reported that they were already compliant. The majority (55%) did not expect to make the compliance deadline. Of them, 17% had no clear compliance plan, while 38% expected to achieve only partial compliance.

Technology makes a big difference to GDPR readiness

More than half of the respondents (53%) who have implemented GRC solutions reported that they would be GDPR compliant by the May 25 deadline. On the other hand, only 40% of the respondents who use spreadsheet-based processes reported that they would meet the deadline.

70% of the respondents using GRC solutions for GDPR compliance also indicated being either confident or highly confident that their data protection program would stand up to legal scrutiny by regulators and courts. In comparison, less than a quarter of the respondents (23%) using spreadsheet-based processes, point solutions, or business process management solutions, reported similar levels of confidence in their data protection programs.

Readiness for an onslaught of data subject complaints and rights requests is low

GDPR gives data subjects multiple rights. Yet, fewer than 40% of the respondents reported that their enterprises are prepared or fully prepared to manage data subject complaints or requests around more complex rights, including the right to erasure, the right to restrict processing, and the right to data portability.

Other Findings

  • Just 50% of the respondents reported being ready to complete assessments of all third parties that have access to personal data by the May 25 deadline
  • 86% of the respondents expect their GDPR budgets to stay the same or increase
  • 66% of the respondents reported improved data governance as the biggest long-term benefit of GDPR compliance

“GDPR is finally here, and with it a fundamental change in how companies execute on good data governance,” said French Caldwell, Chief Evangelist, MetricStream. “While the first year of compliance is likely to be a period of adjustment, enterprises cannot afford to be complacent. Our research shows that those with a well-implemented GRC program will have an edge when it comes to meeting these new requirements. Technology will also be important in building a future-ready, sustainable GDPR program that will drive business success in 2018 and beyond.”

To access the MetricStream Research report, click here.

About the GRC Summit

The GRC Summit, hosted by MetricStream, is the most influential gathering of governance, risk, compliance, audit, and IT GRC professionals from around the world. Held twice a year—once in the US and once in Europe—the summits feature keynotes from global leaders along with discussions, case studies, and deep-dive workshops from domain experts, practitioners, and independent analysts.

About MetricStream

MetricStream is the independent market leader in enterprise cloud applications for governance, risk, compliance (GRC), and quality management. MetricStream apps and software solutions improve business performance by strengthening risk management, corporate governance, regulatory compliance, audit management, vendor governance, and quality management for organizations across industries, including banking and financial services, health care, life sciences, energy and utilities, consumer brands, government, technology, and manufacturing. MetricStream is headquartered in Palo Alto, California, with an operations and GRC innovation center in Bengaluru, India, and sales and operations support in 12 other cities globally.(www.metricstream.com).

Press contact

[email protected]

Request a demo Download RFP Template Pricing Contact