GDPR RESOURCE CENTER

SCHREMS II: WHAT DOES THE CJEU’S DECISION MEAN FOR TRANSFERS FROM THE EEA TO THE US?

In our Schrems II Practical Guidance special reports, members of McDermott’s internationally recognized Global Privacy & Cybersecurity group have outlined practical guidance and next steps to ensure your business is prepared for what’s next following the final ruling in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems.


WHAT HAPPENED AFTER GDPR WENT INTO EFFECT?
A GLOBAL VIEW OF GDPR PROGRESS

In partnership with the Ponemon Institute, this study provides a global view of GDPR progress in the United States, Europe, China and Japan. The research reflects practical difficulties and regional differences in levels of adherence to GDPR. Over 1,200 participants in this study work in a variety of departments including IT, IT security, compliance, legal, data protection office and privacy.

HOW SUCCESSFUL WAS GDPR IMPLEMENTATION?

IMPLEMENTATION

of organizations reported that GDPR took longer than they had anticipated
of organizations reported that it was equally or more difficult to implement GDPR than other data privacy and security requirements.

BUDGET

of organizations have a budget allocated for GDPR.
of GDPR budgets will be renewed annually.
of GDPR budgets will continue indefinitely.

HOW MANY GDPR REPORTABLE DATA BREACHES DID YOUR COMPANY HAVE?

REGULATORS

of respondents say their organizations had an average of ~2 reportable data breaches since GDPR came into effect
received a follow-up inquiry or inspection from the regulator.
reported a personal data breach to a regulator.

DATA BREACH

of respondents are highly confident in their companies’ ability to communicate a reportable data breach to the relevant regulator(s) within 72 hours.

 

This suggested that early breach awareness and identification, even on a preliminary basis, continues to be a major difficulty with more help needed.


THE ROLE OF CYBER RISK INSURANCE IN GDPR

of respondents report that their companies have insurance that covers cyber risks.
of respondents say their companies' cyber insurance policy covers GDPR fines or penalties.

TYPES OF INCIDENTS UNDERSTOOD TO BE COVERED BY CYBER INSURANCE

Cyber Criminal
Human error, mistakes and negligence
Malicious or criminal insiders
Did not know


COUNTRY-SPECIFIC FINDINGS

UNITED STATES & EUROPE

More than half of the US company respondents apply GDPR data subject rights to both US and European employees. 51% of US organizations surveyed say they give their US and EU employees the same rights under GDPR. European organizations take a slightly different approach, with only 43% of respondents saying their organizations apply GDPR data subject rights to both US and EU employees.

CHINA

China’s compliance with GDPR lags behind other countries. 29% of these respondents state that their companies are fully compliant and only 15% of organizations who do have cyber insurance are not sure what their policies cover. Meanwhile, only 2% of Chinese respondents have evaluated their relationships with third-party vendors, likely due to differences in data transfer rules and China’s data security laws.

JAPAN

Japanese companies adopt measures to prevent and respond to data breaches—but they are not as regular with assessments. 32% of respondents say their companies have achieved full GDPR compliance at the time of the report. Meanwhile, 30% of Japanese companies have evaluated and adjusted their relationships with third-party vendors.
