MetricStream Research finds that 55% of enterprises likely missed the GDPR deadline

38% of respondents expected to be only partially compliant, while 17% reported having no plan for compliance


Dubai: At the annual GRC Summit held in early June, MetricStream Chief Evangelist, Dr. French Caldwell, announced the findings of the latest MetricStream Research survey report, GDPR: Are Enterprises Ready to Protect Personal Data? The global survey gathered the perspectives of 120 respondents from 100+ enterprises and 20 different industries. Four primary areas of GDPR compliance were covered, including the state of GDPR awareness, preparedness, and readiness, as well as compliance challenges, benefits, and spend.

Key findings

Most enterprises did not expect to be fully compliant by the May 25 deadline

Only 39% of the respondents reported having a well-defined plan to be GDPR compliant by the May 25 deadline, while 5% reported that they were already compliant. The majority (55%) did not expect to make the compliance deadline. Of them, 17% had no clear compliance plan, while 38% expected to achieve only partial compliance.

Technology makes a big difference to GDPR readiness

More than half of the respondents (53%) who have implemented GRC solutions reported that they would be GDPR compliant by the May 25 deadline. On the other hand, only 40% of the respondents who use spreadsheet-based processes reported that they would meet the deadline.

70% of the respondents using GRC solutions for GDPR compliance also indicated being either confident or highly confident that their data protection program would stand up to legal scrutiny by regulators and courts. In comparison, less than a quarter of the respondents (23%) using spreadsheet-based processes, point solutions, or business process management solutions, reported similar levels of confidence in their data protection programs.

Readiness for an onslaught of data subject complaints and rights requests is low

GDPR gives data subjects multiple rights. Yet, fewer than 40% of the respondents reported that their enterprises are prepared or fully prepared to manage data subject complaints or requests around more complex rights, including the right to erasure, the right to restrict processing, and the right to data portability.

Other Findings

  • Just 50% of the respondents reported being ready to complete assessments of all third parties that have access to personal data by the May 25 deadline
  • 86% of the respondents expect their GDPR budgets to stay the same or increase
  • 66% of the respondents reported improved data governance as the biggest long-term benefit of GDPR compliance

“GDPR is finally here, and with it a fundamental change in how companies execute on good data governance,” said French Caldwell, Chief Evangelist, MetricStream. “While the first year of compliance is likely to be a period of adjustment, enterprises cannot afford to be complacent. Our research shows that those with a well-implemented GRC program will have an edge when it comes to meeting these new requirements. Technology will also be important in building a future-ready, sustainable GDPR program that will drive business success in 2018 and beyond.”

To access the MetricStream Research report, click here.

About the GRC Summit

The GRC Summit, hosted by MetricStream, is the most influential gathering of governance, risk, compliance, audit, and IT GRC professionals from around the world. Held twice a year—once in the US and once in Europe—the summits feature keynotes from global leaders along with discussions, case studies, and deep-dive workshops from domain experts, practitioners, and independent analysts.


MetricStream, the independent market leader in enterprise and cloud applications for Governance, Risk, Compliance (GRC) and Quality Management, makes GRC simple. MetricStream apps improve business performance by strengthening risk management, corporate governance, regulatory compliance, vendor governance, and quality management for hundreds of thousands of users in dozens of industries, including Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-Tech and Manufacturing. MetricStream is headquartered in Palo Alto, California, with an operations and R&D center in Bangalore, India, and sales and operations support in 12 other cities globally. (

Media Contact:

Sonia Sharma

India: +91 98450-19197

© Press Release 2018

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

More From Press Releases