In our Schrems II Practical Guidance special reports, members of McDermott’s internationally recognized Global Privacy & Cybersecurity group have outlined practical guidance and next steps to ensure your business is prepared for what’s next following the final ruling in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems.
In partnership with the Ponemon Institute, this study provides a global view of GDPR progress in the United States, Europe, China and Japan. The research reflects practical difficulties and regional differences in levels of adherence to GDPR. Over 1,200 participants in this study work in a variety of departments including IT, IT security, compliance, legal, data protection office and privacy.
of respondents are highly confident in their companies’ ability to communicate a reportable data breach to the relevant regulator(s) within 72 hours.
This suggested that early breach awareness and identification, even on a preliminary basis, continues to be a major difficulty with more help needed.
Download GDPR Report
More than half of the US company respondents apply GDPR data subject rights to both US and European employees. 51% of US organizations surveyed say they give their US and EU employees the same rights under GDPR. European organizations take a slightly different approach, with only 43% of respondednts saying their organizations apply GDPR data subject rights to both US and EU employees.
China’s compliance with GDPR lags behind other countries. 29% of these respondents state that their companies are fully compliant and only 15% of organizations who do have cyber insurance are not sure what their policies cover. Meanwhile, only 2% of Chinese respondents have evaluated their relationships with third-party vendors, likely due to differences in data transfer rules and China’s data security laws.
Japanese companies adopt measures to prevent and respond to data breaches—but they are not as regular with assessments. 32% of respondents say their companies have achieved full GDPR compliance, at the time of the report. Meanwhile 30% of Japanese companies have evaluated and adjusted their relationships with third-party vendors.
