Global companies are victims of many data breaches that must be reported under gdpr, according to Keeping Pace in the GDPR Race, a global study sponsored by the law firm McDermott Will & Emery and MWE China Law Offices.

More difficult than expected

Of the companies polled worldwide, half have had data breaches that must be reported under gdpr. Such incidents were reported to regulators by 39 percent of US firms, as well as 43 percent of those in the EU, 36 percent in China and 33 percent in Japan. However, only 18 percent are confident in their ability to communicate a data breach to regulators in the required 72-hour time frame. And 54 percent say GDPR was more difficult to implement than they expected. On average, US firms suffered 2.49 breaches that were reportable under GDPR, versus 2.24 for EU companies, 2.10 for Japanese companies and 2.07 for those in China.

Survey findings

Overall, the leaks were due to: a negligent insider (45 percent), outsourcing data to a third party (42 percent), cyberattacks (39 percent), a systems glitch (31 percent), failure to protect actual documents (19 percent), a malicious insider (12 percent), data lost in physical delivery (10 percent), whilst  35 percent say they do not know. Despite the issues, 46 percent of US companies say that compliance with gdpr will help in adhering to the California consumer privacy act and other state laws. Of EU firms, 35 percent agree, 30 percent of Japanese companies and 27 percent of Chinese firms. Finally, 43 percent of US companies say that complying with the CCPA and other state laws will cause them to re-evaluate their position under gdpr. Among the companies surveyed 1,263 individuals who work in IT, security, compliance, legal and data protection offices.