Michael Rasmussen of GRC 20/20 Research has been noted as the “Father of Governance, Risk, and Compliance (GRC)” – being the first to define and model the GRC market in 2002 while at Forrester. In this new report, he explores the challenges organizations face when complying with privacy regulations such as the EU GDPR.
Privacy is a highly dynamic, moving target that requires compliance management to identify and mitigate the compliance, brand, and business risks associated with processing personal data. Accordingly, organizations need an integrated collaborative process and technology architecture that can span distributed privacy and business functions. They also need situational privacy awareness across operations, processes and relationships.
The report advises that due to the increasing complexity of the regulatory landscape, manual and ad hoc privacy management approaches have become unsustainable. Further, existing enterprise GRC solutions can be too broad or lack the depth of privacy content and process needed in the organization. A technology platform designed for enterprise-wide privacy compliance is the solution.
The report includes a review of the TrustArc Privacy Platform as a solution that has the agility to manage privacy in a dynamic environment. The report is based in part on interviews with TrustArc clients and notes that “TrustArc has a significant installed base for privacy GRC across a range of geographies and industries”. The report concludes that:
“[TrustArc clients] consistently state that TrustArc has dramatically improved the quality of their privacy compliance and risk information and their ability to report on compliance… Across these clients, there is consistent praise for the value in the ongoing cost of ownership … with improved effectiveness and agility to reliably achieve objectives while reducing uncertainty and risk.”