
GDPR Survey Finds Companies Still Not Prepared to Comply with Rules and Potential EU Data Breaches

by Corporate Compliance Insights
September 17, 2019
in GRC Vendor News

Nearly 50 Percent of Global Respondents Experienced Data Breach; Ability to Respond and Notify Affected Parties Lags

A GDPR survey sponsored by international law firm McDermott Will & Emery and carried out by the Ponemon Institute reveals that businesses across the globe continue to face challenges understanding and responding to EU data breaches, despite making investments in new personnel and changing business practices.

The McDermott-Ponemon study surveyed companies in the US and EU, and for the first time in China and Japan, as they assessed progress and challenges after one year under the GDPR requirements.

Key findings:

  • Nearly 50 percent of respondents experienced at least one personal data breach that was required to be reported under GDPR
  • One-quarter of respondents on average in all countries say their readiness and confidence to respond to a GDPR data breach is very low
  • Only 18 percent of organizations were highly confident in their ability to communicate a reportable data breach to the relevant regulator(s) within 72 hours of awareness
  • Nearly half (49 percent) of Chinese respondents and more than one-third (36 percent) of Japanese respondents subject to GDPR are still not familiar with this regulation.

“The number of data breaches occurring under GDPR should give pause,” said Mark Schreiber, partner and co-leader of McDermott’s Global Privacy and Cybersecurity Practice. “Companies would benefit from conducting risk assessments and engaging forensic professionals who can identify vulnerabilities and recommend improved processes and remediation. If done under litigation or attorney privilege, organizations can further safeguard themselves.”

“The reporting requirement is one of the most difficult aspects for companies to get right. Over-reporting and under-reporting to regulators are both disadvantageous, and mandatory reporting to data subjects can increase the likelihood of class action litigation,” said Ashley Winton. A partner at McDermott, Ashley is also a Ponemon Institute fellow and Chairman of the UK Data Protection Forum.

Although companies report making significant investments in compliance, there are still risks around their ability to prevent – and then also respond to – data breaches. Almost half of the respondents experienced at least one personal data breach that was required to be reported under the GDPR. Fewer than that (39 percent of US companies and 45 percent of EU companies) reported a personal data breach to a regulator.

Approximately one-third of companies obtained cyber risk insurance; 43 percent of those respondents said their insurance policy covers GDPR fines or penalties. Ten percent were unsure of what their organization’s cyber policy covered.

Looking beyond the US and EU, Chinese and Japanese respondents lag in their GDPR efforts. Only 29 percent of the Chinese respondents and 32 percent of Japanese ones stated that they were fully compliant with the GDPR, more than 10 percent lower than Western companies. Although Japanese respondents rely heavily on external cybersecurity services to investigate data breaches, significantly fewer Chinese respondents did so and only 41 percent of these are conducted through litigation or under the protection of lawyer-client privilege.

“As revealed in our first study one year ago, The Race to GDPR, GDPR compliance is a challenge, particularly with information and the companies that possess it so frequently crisscrossing national borders and an uptick in varying local regulations – whether that’s China’s Cybersecurity Law or the new California Privacy Act,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“What we learned this year is that countries and regions are now very much at different points in their compliance awareness and execution journeys. With enforcement activity just beginning, it is more important than ever for companies to work hand in glove with external cybersecurity services and legal counsel and understand that these issues will continue well into the foreseeable future,” he added.

Additional findings include:

  • A surprisingly high percentage of respondents (85 percent) reported appointing a GDPR Data Protection Officer and 54 percent of non-EU respondents appointed an EU Representative. Most of these appointments were internal rather than an external individual or company. At play are complex GDPR provisions that mandate this position in some, but not all, situations.
  • More than half of the US company respondents apply GDPR data subject rights to both US and EU employees. Fifty-one percent of US companies surveyed say they give their US and EU employees the same rights under GDPR. Only 43 percent of EU companies apply GDPR data rights to both US and EU employees.

McDermott’s experienced lawyers have been advising multinational companies on creating and implementing GDPR compliance programs. For additional details and access to webinars and thought leadership, please visit mwe.com/gdpr.


About McDermott Will & Emery

McDermott Will & Emery partners with leaders around the world to fuel missions, knock down barriers and shape markets. With more than 20 locations on three continents, our team works seamlessly across practices, industries and geographies to deliver highly effective—and often unexpected—solutions that propel success. More than 1,100 lawyers strong, we bring our personal passion and legal prowess to bear in every matter for our clients and the people they serve.

About The Ponemon Institute
The Ponemon Institute was founded in 2002 by Dr. Larry Ponemon. Headquartered in Michigan, the Ponemon Institute is considered the pre-eminent research center dedicated to privacy, data protection and information security policy. Our annual consumer studies on privacy trust are widely quoted in the media and our research quantifying the cost of a data breach has become valuable to organizations seeking to understand the business impact of lost or stolen data.

