We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:


Research and Briefings

Two Years On, GDPR Continues To Shape Global Data Privacy Regulation


When the EU’s General Data Protection Regulation (GDPR) took effect in May 2018, it marked a major turning point in data privacy regulation. Two years on, the GDPR has undergone its first major review.

The GDPR’s two-year report card is mixed. The two-year evaluation report by the European Commission heralds the GDPR’s success in strengthening individuals’ rights to personal data protection.  It also finds that the GDPR is proving flexible to support digital solutions in unforeseen circumstances, such as the development of tracing apps during the COVID-19 crisis.

The report does not call for a revision of the rules, but does say it is premature at this stage to draw definite conclusions and acknowledges a number of areas where the GDPR could be improved, including:

  • Harmonization between data protection authorities
  • Development of a common European data protection culture
  • Cross-border case efficiency and harmonization
  • Consistency between guidance provided at the national and European levels

The report finds overall that citizens are more empowered and aware of their rights, but more can be done to help them exercise their rights, notably the right to data portability.

In this article we look at the two-year track record of GDPR, and look at new and changing global privacy regulations in the US, Canada, Brazil, Australia, New Zealand, China, Vietnam, Singapore, Thailand, South Korea, and India.

We also offer guidance for organizations to stay informed of evolving privacy regulations and to seek insurance policy coverage for privacy and data risk exposures.