The findings from this study provide strong evidence that organizations are benefitting from their privacy investments beyond compliance. Organizations that are ready for GDPR are experiencing shorter delays in their sales cycle related to customers’ data privacy concerns than those that are not ready for GDPR. GDPR-ready organizations have also experienced fewer data breaches, and when breaches have occurred, fewer records were impacted, and system downtime was shorter. As a result, the total cost of data breaches was less than what organizations not ready for GDPR experienced.