Journal articles on the topic 'GDPR'

Consult the top 50 journal articles for your research on the topic 'GDPR.'

1

Iramina, Aline. "GDPR v. GDPL." Law, State and Telecommunications Review 12, no. 2 (October 13, 2020): 91–117. http://dx.doi.org/10.26512/lstr.v12i2.34692.

Abstract:
Purpose – The main purpose of this article is to analyze the aspects of the responsiveness approach adopted by European and Brazilian lawmakers in the elaboration of data protection rules, such as GDPR and LGPD. Methodology – The applied methodology is based on the responsive regulation theory and, additionally, the network governance theory, through the comparative analysis of personal data protection legal frameworks in Brazil and the EU. Findings – Based on the comparative analysis of the GDPR and the LGPD, it is verified the adoption of escalated regulatory techniques of Ayres and Braithwaite’s enforcement pyramid in the development of these norms, as a strategy adopted by lawmakers to guarantee a greater compliance from regulated entities.
2

Laybats, Claire, and John Davies. "GDPR." Business Information Review 35, no. 2 (June 2018): 81–83. http://dx.doi.org/10.1177/0266382118777808.

Abstract:
This article discusses the main changes to data protection regulation with the introduction of the General Data Protection Regulation (GDPR) that comes into effect on 25 May 2018. It considers the effect on organizations coming under its jurisdiction through an interview with John Davies, Managing Director of digital agency Reading Room, and then goes on to consider the implications for organizations currently out of the geographical area the GDPR controls. It finally considers the implications for the future as the GDPR becomes established.
3

Hirvonen, Pauliina. "Organisational GDPR Investments and Impacts." European Conference on Cyber Warfare and Security 22, no. 1 (June 19, 2023): 584–91. http://dx.doi.org/10.34190/eccws.22.1.1107.

Abstract:
The aim of this empirical multi-case study is to understand the GDPR investments and impacts of the organisations. Among these, the measuring experiences related to GDPR and information security (Isec), and the future expectations are examined. Several interesting findings were recognised, which also enabled further suggestions. First, an understanding of the organisations’ investments and their impact is built by gathering information about the actions that organisations made to fulfil the GDPR requirements. In the second phase, it is deemed necessary to examine how organisations experience the measures and evaluation of GDPR development and progress, in order to understand how respondents end up evaluating the impact of their investments. In the third phase it is considered necessary to consider the future development of GDPR and the challenges and opportunities it brings to organisations, in order to understand how the experiences so far affect preparations for the future. The final phase of evaluation focuses on finding out what impact the GDPR has had on organisations. On the one hand, it is possible that the total investment in the GDPR may also correlate with the development of the organisational Isec maturity, because GDPR has brought more resources and visibility to the organisation’s Isec, and operations have become more systematic. On the other hand, organisations with an already high level of Isec maturity and organisations operating in a regulatory-focused industry may accept the GDPR-based Isec investments more easily. If GDPR is tightly integrated with both the organisation’s information security and the business functions under the responsibility of executive management, it may support the organisation’s business and information security development. This research serves GDPR authorities, organisational executives, persons in charge of GDPR/information security/cybersecurity, service providers and academia.
4

Hirvonen, Pauliina. "Expectations And Mindsets Related To GDPR." European Conference on Cyber Warfare and Security 21, no. 1 (June 8, 2022): 360–67. http://dx.doi.org/10.34190/eccws.21.1.238.

Abstract:
The aim of this qualitative case study is to examine the initial expectations and assumptions related to General Data Protection Regulation (GDPR) of the European Union from the perspectives of selected Finnish organizations: what were the initial expectations of GDPR, how were they adapted/refined over time, and what was the impact on organizational planning and resourcing. There are no precise earlier studies on the subject. The research question was: What were the organizations’ initial expectations of GDPR - and how have they affected the efforts made? GDPR can be described as an input that forms images, preconceptions and views among other things, through various active and passive communication flows. As the empirical results indicate GDPR has been a legal issue, mainly due to the inadequate and unspecific active, official, communication flows. As a result, organizations have experienced difficulties to scale the necessary GDPR efforts. The results of this research can benefit both privacy and information security managers and personnel responsible for aligning policies and practices, and to evaluate organization-specific actions on GDPR compliance. The results can support regulators and authorities in the future GDPR and other policy work and provide ideas for service providers.
5

Shan Liu, Rolly R. Tang, Jae Kyu Lee. "Taxonomy of the GDPR-based Privacy Research by Scientometric Analysis." Journal of Electrical Systems 20, no. 2 (April 4, 2024): 1647–59. http://dx.doi.org/10.52783/jes.1612.

Abstract:
Will General Data Protection Regulation (GDPR) be adopted globally in business? The GDPR was approved in the European Union (EU) in April 2016 and officially put into effect in May 2018, thus the research in this field has an obvious upward trend. The development of GDPR is aimed at adapting to new trends, conducting scientific econometric analysis in the fields of privacy and GDPR, and analyzing and visualizing emerging trends. First, summarizing the privacy and GDPR studies publicly published between 1995 and 2023 through statistical analysis of terminology categories and high-yield journals. Then, understand the overall research status of privacy rights and GDPR from the perspectives of author, journal, literature co-citation analysis, and collaborative networks. Finally, based on keyword analysis and literature co-citation cluster analysis, a knowledge graph was constructed that includes knowledge domains, evolutionary trends, and future research directions. As a globally influential regulation, GDPR emphasizes the protection and lawful processing of personal data, which is of great significance for protecting personal data privacy and enhancing data security.
6

Ngobeni, Sipho, Ntombizodwa Thwala, Nokuthaba Siphambili, Phumeza Pantsi, Bokang Molema, Jacob Lediga, and Pertunia Senamela. "Towards a GDPR Compliance Assessment Toolkit." European Conference on Cyber Warfare and Security 23, no. 1 (June 21, 2024): 313–21. http://dx.doi.org/10.34190/eccws.23.1.2278.

Abstract:
The European Union's (EU) General Data Protection Regulation (GDPR) makes it illegal to collect, process, and store personal data unless it is done in accordance with the prescribed legal and regulatory clauses enshrined in the Act. Organisations face significant challenges in navigating GDPR requirements and assessing their level of compliance. In particular, failure to comply with GDPR may potentially expose the data Controller and Processor to steep legal penalties including possibly administrative fines of up to 20 000 000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, which is imposed by the Supervisory Authority. This paper presents the results of a minimum viable product, the GDPR Compliance Assessment Toolkit (GCAT). The main objective of the GCAT is to assist organisations to assess their current state of compliance to GDPR. Drawing from an experimental research and development approach, GCAT is then compared with other existing GDPR compliance assessment technologies. Comparative analysis results show that GCAT simplifies and optimizes GDPR compliance assessments.
7

Zanker, Marek, Vladimír Bureš, Anna Cierniak-Emerych, and Martin Nehéz. "The GDPR at the Organizational Level: A Comparative Study of Eight European Countries." E+M Ekonomie a Management 24, no. 2 (June 2021): 207–22. http://dx.doi.org/10.15240/tul/001/2021-2-013.

Abstract:
The General Data Protection Regulation, also known as the ‘gold standard’ or the ‘Magna Carta’ of cyber laws, is a European regulation that deals with rights in the area of privacy and focuses on data collection, storage and data processing. This manuscript presents the results of investigation in the business sphere from eight countries of the European Union. The research focused on awareness of the GDPR, costs associated with the GDPR, number of trainings, how data are secured and subjective evaluation. The questionnaire was used for data collection. The results show that the majority of employees concerned about the GDPR are able to define the GDPR correctly (64%). The correct identification of personal data is in 95% of cases. The vast majority of respondents (94%) assign the right to personal data protection to the GDPR. Most employees are trained in the GDPR once (46%) or twice (45%). Subsequently, the differences between these countries in some areas of the questionnaire survey were examined. For this purpose, Welch ANOVA with post-test Tukey HSD or Kruskal-Wallis test were used. As a result, knowledge about the personal data does not vary significantly between the countries. In the area of rights, the countries are not again statistically different. As for the number of security countries, statistics do not differ significantly. The subjective assessment of the GDPR is different across the countries. The GDPR is rated worst by companies in the Czech Republic and Slovakia. On the contrary, the GDPR is best perceived by companies in France and the United Kingdom.
8

Bin Othman, Mohd Bahrin, and Muhammad Faiz Bin Abu Samah. "The Magnitude of GDPR To Malaysia." Malaysian Journal of Social Sciences and Humanities (MJSSH) 7, no. 9 (September 30, 2022): e001776. http://dx.doi.org/10.47405/mjssh.v7i9.1776.

Abstract:
The European Union (“EU”) General Data Protection Regulation (“GDPR”) governs any individuals or companies that store or process personal information about EU citizens within EU states even if it does not involve a business presence within the EU. Malaysian businesses need to comply with the GDPR as failure to comply will cause disruption or discontinuance of business. This paper aims to understand and evaluate the scope of the GDPR and its effect on personal data protection in Malaysia. It employs a doctrinal qualitative approach by examining the GDPR and the Malaysia Personal Data Protection Act 2010. This paper suggests that the GDPR provides a more comprehensive law with its holistic principles and rights which may provide lessons for Malaysia in protecting personal data as the area covered by the GDPR is broader specifically the non-commercial transactions, its wider range of rights and the extraterritorial applicability.
9

Seo, Junwoo, Kyoungmin Kim, Mookyu Park, Moosung Park, and Kyungho Lee. "An Analysis of Economic Impact on IoT Industry under GDPR." Mobile Information Systems 2018 (December 5, 2018): 1–6. http://dx.doi.org/10.1155/2018/6792028.

Abstract:
The EU GDPR comes into effect on May 25, 2018. Under this regulation, stronger legislation than the existing directive can be enforced. The IoT industry, especially among various industries, is expected to be heavily influenced by GDPR since it uses diverse and vast amounts of personal information. This paper first analyzes how the IoT industry handles personal information and summarizes why it is affected by GDPR. The paper then uses the cost definition of Gordon and Loeb model to estimate how GDPR affects the cost of IoT firms qualitatively and uses the statistical and legal bases to estimate quantitatively. From a qualitative point of view, GDPR impacted the preventative cost and legal cost of the Gordon and Loeb model. Quantitative view showed that the cost of IoT firms after GDPR could increase by three to four times on average and by 18 times at the most. The study finally can be applied to situational awareness of the economic impact on the certain industry.
10

Serrado, João, Ruben Filipe Pereira, Miguel Mira da Silva, and Isaías Scalabrin Bianchi. "Information security frameworks for assisting GDPR compliance in banking industry." Digital Policy, Regulation and Governance 22, no. 3 (August 11, 2020): 227–44. http://dx.doi.org/10.1108/dprg-02-2020-0019.

Abstract:
Purpose: Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies. Especially in the Bank industry. How these ISF can assist the implementation of GDPR is not clear. Design/methodology/approach: The design science research process was followed and semi-structured interviews performed. Findings: A list of practices to assist the bank industry in GDPR implementation is provided. How each practice maps with assessed ISF and GDPR requirements is also presented. Research limitations/implications: As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews. Originality/value: This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.
11

Harris, David, Susie Samuel, and Edmunda Probert. "GDPR confusion." Veterinary Record 183, no. 12 (September 28, 2018): 388.1–388. http://dx.doi.org/10.1136/vr.k3956.

12

Breitbarth, P. "GDPR Implementation Series ∙ Netherlands: The GDPR Implementation Act." European Data Protection Law Review 4, no. 3 (2018): 360–65. http://dx.doi.org/10.21552/edpl/2018/3/15.

13

Wagner, Paul. "GDPR-CARPA: A Look at the GDPR’s first certification mechanism." Pin Code N° 13, no. 1 (January 28, 2023): 12–17. http://dx.doi.org/10.3917/pinc.013.0012.

Abstract:
On 13 May 2022, the CNPD launched GDPR-CARPA as the first certification mechanism under the GDPR. It is a voluntary accountability tool designed to help Luxembourg controllers and processors demonstrate compliance of a processing activity under the GDPR. Applicants for certification under GDPR-CARPA must ensure that the relevant processing operations meet the CNPD’s certification criteria, which notably entails the appointment of a data protection officer and the implementation of a number of policies and procedures. Specifically accredited certification bodies will evaluate the application based on “reasonable assurance” and grant certification for a maximum period of three years. Participation in GDPR-CARPA, however, is set to be a sizeable investment in terms of time and resources. While some organizations may consider participation worth the investment, for instance, because they are regularly solicited by contractual partners to demonstrate their compliance or need assurance about a specific, high-risk processing activity, others may consider it too costly. Eventually, only time will tell whether GDPR-CARPA will be a success.
14

Lisiak-Felicka, Dominika, and Maciej Szmit. "GDPR implementation in public administration in Poland – 1.5 year after: An empirical analysis." Journal of Economics and Management 43 (2021): 1–21. http://dx.doi.org/10.22367/jem.2021.43.01.

Abstract:
Aim/purpose – The paper contains descriptive exploratory research on the implementation of General Data Protection Requirements (GDPR) in a group of Polish public administration offices. The purpose of this research is to investigate the current state of personal data protection in the entities surveyed. Design/methodology/approach – The diagnostic survey method using the Computer Assisted Web Interview was employed. The survey was conducted in local government administration offices a year and a half after the GDPR implementation. Findings – All marshal offices and the majority of districts (about 80%) confirmed that they comply with all the GDPR requirements. The situation was slightly worse in municipal offices – about 23% of them declared that they do not comply with all the GDPR requirements. In officials’ opinion this situation may be improved by conducting training for employees, employee engagement, and appropriate support of the office management. Another aspect that draws attention is a very small budget dedicated to the GDPR implementation and maintenance in most of the offices surveyed. Research implications/limitations – The limitation of the findings is the relatively low responsiveness of the questionnaire survey. Originality/value/contribution – The research concerns a relatively new subject. The state of personal data protection in public administration in Poland after 18 months of the GDPR implementation was analyzed. So far, there is no comprehensive research that has been conducted into this field in local government administration. Keywords: General Data Protection Regulation (GDPR), public administration, personal data, GDPR implementation, data protection breaches. JEL Classification: M15, H83, K24.
15

Cvik, Eva Daniela, Radka MacGregor Pelikánová, and Michal Malý. "Selected Issues from the Dark Side of the General Data Protection Regulation." Review of Economic Perspectives 18, no. 4 (December 1, 2018): 387–407. http://dx.doi.org/10.2478/revecp-2018-0020.

Abstract:
The Regulation (EU) 2016/679 on the protection of personal data (GDPR) was enacted in 2016 and applies from 25th May 2018 in the entire EU. The GDPR is a product of an ambitious reform and represents a direct penetration of the EU law into the legal systems of the EU member states. The EU works on the enhancement of awareness about the GDPR and points out its bright side. However, the GDPR has its dark side as well, which will inevitably have a negative impact. Hence, the goal of this paper is twofold - (i) to scientifically identify, forecast, and analyze selected problematic aspects of the GDPR and its implementation, in particular for Czech municipalities, and (ii) to propose recommendations about how to reduce, or even avoid, their negative impacts. These theoretic analyses are projected to a Czech case study focusing on municipalities, which offers fresh primary data and allows a further refining of the proposed recommendations. An integral part of the performed analyses is also a theoretic forecast of expenses linked to the GDPR, which municipalities will have to include in their mandatory expenses and mid-term prognostic expectations regarding the impact on the budgets of these municipalities from Central Bohemia. The GDPR, like Charon, is at the crossing, the capacity and knowledge regarding its application is critical for operating in the EU in 2018. It is time both to admit that the GDPR has its dark side and to present real and practical recommendations about how to mitigate it.
16

Diamantopoulou, Vasiliki, Aggeliki Tsohou, and Maria Karyda. "From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls." Information & Computer Security 28, no. 4 (June 8, 2020): 645–62. http://dx.doi.org/10.1108/ics-01-2020-0004.

Abstract:
Purpose: This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending the already existing security control modules towards data protection; and as guidance for reaching compliance with the regulation. Design/methodology/approach: This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013. Findings: The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere with the GDPR. Originality/value: This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.
17

Komnios, Komninos. "Article: Legal Consequences for Non-compliance With the GDPR in International Arbitration." Arbitration: The International Journal of Arbitration, Mediation and Dispute Management 88, Issue 4 (October 1, 2022): 566–78. http://dx.doi.org/10.54648/amdm2022033.

Abstract:
Data protection legislation, such as the General Data Protection Regulation (GDPR), aims to protect individuals’ personal data from illegitimate processing. As in any dispute resolution mechanism extensive processing of personal data takes place also in the context of arbitration and at various stages thereof. The broad scope of the GDPR has raised important issues concerning international arbitration, the most discussed of which being whether and how the GDPR applies to the latter. This article places the focus on specific legal consequences on international arbitration in case of non-compliance with the GDPR when it is applicable.
18

Dalrymple, H. W. "The general data protection regulation, the clinical trial regulation and some complex interplay in paediatric clinical trials." European Journal of Pediatrics 180, no. 5 (January 18, 2021): 1371–79. http://dx.doi.org/10.1007/s00431-021-03933-3.

Abstract:
Although a number of authors have commented upon the impact of the GDPR on clinical trial conduct, few have examined the specific setting of paediatric trials. Whilst the general principles are the same as those for adults, some additional considerations arise. The ages of consent relating to data privacy and clinical trial participation are different in a number of countries, but the distinction is often not recognised in non-drug trials. Accidental pregnancies in clinical trials always raise complexities, but these are amplified when the trial subject is a minor, and the processes described in clinical trial protocols rarely take account of GDPR requirements. This paper describes approaches which can be taken to ensure the rights of children are respected.
Conclusion: The conduct of paediatric clinical trials within GDPR requirements is quite possible provided authors think carefully when drafting protocols.
What is Known:
• GDPR is applicable to clinical trials, including paediatric trials.
• A number of challenges at the interface between the GDPR and CTR have been described.
What is New:
• The application of the GDPR to certain specific situations in paediatric trials does not appear to have been explored.
• Three such situations are described and solutions offered.
19

Martínez, Francisco García. "Analysis of the US Privacy Model." International Journal of Hyperconnectivity and the Internet of Things 3, no. 1 (January 2019): 43–52. http://dx.doi.org/10.4018/ijhiot.2019010103.

Abstract:
The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.
20

Alshaleel, Mohammed Khair. "The Extraterritoriality of the GDPR and Its Effect on GCC Businesses." Global Journal of Comparative Law 13, no. 2 (August 7, 2024): 201–26. http://dx.doi.org/10.1163/2211906x-13020004.

Abstract:
This article considers the extraterritoriality of the General Data Protection Regulation (GDPR) and its effect on Gulf Cooperation Council (GCC) businesses. Given the robust economic ties to the European Union (EU), many GCC businesses fall under the scope of the GDPR. This article argues that the territorial gateways through which the GDPR applies are much wider than might be thought and so may capture many GCC businesses, and that while the personal data protection laws in the GCC countries have been influenced to varying degrees by the GDPR, there are significant disparities, especially regarding their approach to data protection. This suggests that the level of data protection in the GCC countries is not equivalent to that offered by the GDPR. The article is divided into six sections, covering the EU’s data protection laws, framework evolution, GDPR’s impact on GCC businesses, and GCC’s data protection framework.
21

Tsohou, Aggeliki, Emmanouil Magkos, Haralambos Mouratidis, George Chrysoloras, Luca Piras, Michalis Pavlidis, Julien Debussche, Marco Rotoloni, and Beatriz Gallego-Nicasio Crespo. "Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform." Information & Computer Security 28, no. 4 (April 16, 2020): 531–53. http://dx.doi.org/10.1108/ics-01-2020-0002.

Abstract:
Purpose: General data protection regulation (GDPR) entered into force in May 2018 for enhancing personal data protection. Even though GDPR leads toward many advantages for the data subjects it turned out to be a significant challenge. Organizations need to implement long and complex changes to become GDPR compliant. Data subjects are empowered with new rights, which, however, they need to become aware of. GDPR compliance is a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of data governance for supporting GDPR (DEFeND) EU project is to deliver such a platform. The purpose of this paper is to describe the process, within the DEFeND EU project, for eliciting and analyzing requirements for such a complex platform. Design/methodology/approach: The platform needs to satisfy legal and privacy requirements and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, the authors describe the methodology for eliciting and analyzing requirements for such a complex platform, by analyzing data attained by stakeholders from different sectors. Findings: The findings provide the process for the DEFeND platform requirements’ elicitation and an indicative sample of those. The authors also describe the implementation of a secondary process for consolidating the elicited requirements into a consistent set of platform requirements. Practical implications: The proposed software engineering methodology and data collection tools (i.e. questionnaires) are expected to have a significant impact for software engineers in academia and industry. Social implications: It is reported repeatedly that data controllers face difficulties in complying with the GDPR. The study aims to offer mechanisms and tools that can assist organizations to comply with the GDPR, thus, offering a significant boost toward the European personal data protection objectives. Originality/value: This is the first paper, according to the best of the authors’ knowledge, to provide software requirements for a GDPR compliance platform, including multiple perspectives.
22

Bhaimia, Sahar. "The General Data Protection Regulation: the Next Generation of EU Data Protection." Legal Information Management 18, no. 1 (March 2018): 21–28. http://dx.doi.org/10.1017/s1472669618000051.

Abstract:
This article, written by Sahar Bhaimia, presents an overview of the General Data Protection Regulation (EU) (2016/679) (GDPR) which will apply automatically across the EU on 25 May 2018. The GDPR is an update and reform of existing EU data protection law, first established by the Data Protection Directive (1995/46/EC). The article is for knowledge managers and information services professionals who may be asked to take on responsibility for GDPR, and focuses on the UK. It covers the fundamentals of EU data protection law, highlights key changes brought about by the GDPR, and provides practical tips and suggestions for knowledge managers.
23

Hofman, Darra, Victoria Louise Lemieux, Alysha Joo, and Danielle Alves Batista. "“The margin between the edge of the world and infinite possibility”." Records Management Journal 29, no. 1/2 (March 11, 2019): 240–57. http://dx.doi.org/10.1108/rmj-12-2018-0045.

Abstract:
Purpose This paper aims to explore a paradoxical situation, asking whether it is possible to reconcile the immutable ledger known as blockchain with the requirements of the General Data Protection Regulations (GDPR), and more broadly privacy and data protection. Design/methodology/approach This paper combines doctrinal legal research examining the GDPR’s application and scope with case studies examining blockchain solutions from an archival theoretic perspective to answer several questions, including: What risks are blockchain solutions said to impose (or mitigate) for organizations dealing with data that is subject to the GDPR? What are the relationships between the GDPR principles and the principles of archival theory? How can these two sets of principles be aligned within a particular blockchain solution? How can archival principles be applied to blockchain solutions so that they support GDPR compliance? Findings This work will offer an initial exploration of the strengths and weaknesses of blockchain solutions for GDPR compliant information governance. It will present the disjunctures between GDPR requirements and some current blockchain solution designs and implementations, as well as discussing how solutions may be designed and implemented to support compliance. Immutability of information recorded on a blockchain is a differentiating positive feature of blockchain technology from the perspective of trusted exchanges of value (e.g. cryptocurrencies) but potentially places organizations at risk of non-compliance with GDPR if personally identifiable information cannot be removed. This work will aid understanding of how blockchain solutions should be designed to ensure compliance with GDPR, which could have significant practical implications for organizations looking to leverage the strengths of blockchain technology to meet their needs and strategic goals. 
Research limitations/implications Some aspects of the social layer of blockchain solutions, such as law and business procedures, are also well understood. Much less well understood is the data layer, and how it serves as an interface between the social and the technical in a sociotechnical system like blockchain. In addition to a need for more research about the data/records layer of blockchains and compliance, there is a need for more information governance professionals who can provide input on this layer, both to their organizations and other stakeholders. Practical implications Managing personal data will continue to be one of the most challenging, fraught issues for information governance moving forward; given the fairly broad scope of the GDPR, many organizations, including those outside of the EU, will have to manage personal data in compliance with the GDPR. Blockchain technology could play an important role in ensuring organizations have easily auditable, tamper-resistant, tamper-evident records to meet broader organizational needs and to comply with the GDPR. Social implications Because the GDPR professes to be technology-neutral, understanding its application to novel technologies such as blockchain provides an important window into the broader context of compliance in evolving information governance spaces. Originality/value The specific question of how GDPR will apply to blockchain information governance solutions is almost entirely novel. It has significance to the design and implementation of blockchain solutions for recordkeeping. It also provides insight into how well “technology-neutral” laws and regulations actually work when confronted with novel technologies and applications. This research will build upon significant bodies of work in both law and archival science to further understand information governance and compliance as we are shifting into the new GDPR world.
24

Linden, Thomas, Rishabh Khandelwal, Hamza Harkous, and Kassem Fawaz. "The Privacy Policy Landscape After the GDPR." Proceedings on Privacy Enhancing Technologies 2020, no. 1 (January 1, 2020): 47–64. http://dx.doi.org/10.2478/popets-2020-0004.

Abstract:
The EU General Data Protection Regulation (GDPR) is one of the most demanding and comprehensive privacy regulations of all time. A year after it went into effect, we study its impact on the landscape of privacy policies online. We conduct the first longitudinal, in-depth, and at-scale assessment of privacy policies before and after the GDPR. We gauge the complete consumption cycle of these policies, from the first user impressions until the compliance assessment. We create a diverse corpus of two sets of 6,278 unique English-language privacy policies from inside and outside the EU, covering their pre-GDPR and the post-GDPR versions. The results of our tests and analyses suggest that the GDPR has been a catalyst for a major overhaul of the privacy policies inside and outside the EU. This overhaul of the policies, manifesting in extensive textual changes, especially for the EU-based websites, comes at mixed benefits to the users. While the privacy policies have become considerably longer, our user study with 470 participants on Amazon MTurk indicates a significant improvement in the visual representation of privacy policies from the users’ perspective for the EU websites. We further develop a new workflow for the automated assessment of requirements in privacy policies. Using this workflow, we show that privacy policies cover more data practices and are more consistent with seven compliance requirements post the GDPR. We also assess how transparent the organizations are with their privacy practices by performing specificity analysis. In this analysis, we find evidence for positive changes triggered by the GDPR, with the specificity level improving on average. Still, we find the landscape of privacy policies to be in a transitional phase; many policies still do not meet several key GDPR requirements or their improved coverage comes with reduced specificity.
25

Papakonstantinou, Vagelis, and Daniel Wasser. "Article: Codes of Conduct in German Employment Relationships – A Measure to Adequately Implementing Compliance and Data Protection?" European Business Law Review 35, Issue 2 (April 1, 2024): 157–82. http://dx.doi.org/10.54648/eulr2024014.

Abstract:
Compliance as well as Compliance-Management-Systems, Codes of Conduct and General Data Protection Regulation are widely known terms in any (multinational) corporation. In daily legal practice, however, Codes of Conduct containing or being combined with Codes of Conduct according to Art. 40 GDPR (GDPR codes) are unlikely to be drafted or published, particularly by employers and thus corporations. This is for a good reason. Addressing codes of conduct within corporations, it is not yet comprehensively analyzed whether GDPR codes may be lawfully drafted by corporations or – if drafted lawfully – whether these are appropriate measures within employers’ Corporate Compliance-Management-Systems. Aiming to contribute to the discussion in this respect, this paper contours possible considerations of the analysis explicitly encouraging colleagues to critically think of this topic as well. Eventually, if GDPR codes are appropriate measures, lawfully and comprehensively implementing compliance codes is nevertheless essential in any case. Keywords: Compliance-Management-Systems, Codes of Conduct, General Data Protection Regulation, Employee Data Protection, Compliance codes, GDPR codes, Compliance
26

Jusić, Asim. "Privacy between Regulation and Technology: GDPR and the Blockchain." IUS Law Journal Vol 1, No 1 (2022): 47–59. http://dx.doi.org/10.21533/iuslawjournal.v1i1.9.

Abstract:
Compliance with the GDPR while using blockchain technology for data processing results in compliance issues, due to the fact that the blockchain and the GDPR employ different methods to ensure privacy-by-design and privacy-by-default. The blockchain is built on disintermediation and relative decentralization, whereas the GDPR aims for re-intermediation and relative centralization of the data protection process. This paper provides an overview of and suggestions on how to secure compliance with the GDPR while processing data using the blockchain. A focus is placed on the data protection impact assessment on the blockchain network, issues in identifying and determining the role(s) of sole and joint data controllers and data processors, obstacles to exercising the right to rectification and right to be forgotten when the data is recorded on the blockchain, GDPR data transfer requirements as applied to the blockchain, and the protection of privacy in the process of creating blockchain-based smart contracts.
27

Tauqeer, Amar, Anelia Kurteva, Tek Raj Chhetri, Albin Ahmeti, and Anna Fensel. "Automated GDPR Contract Compliance Verification Using Knowledge Graphs." Information 13, no. 10 (September 24, 2022): 447. http://dx.doi.org/10.3390/info13100447.

Abstract:
In the past few years, the main research efforts regarding General Data Protection Regulation (GDPR)-compliant data sharing have been focused primarily on informed consent (one of the six GDPR lawful bases for data processing). In cases such as Business-to-Business (B2B) and Business-to-Consumer (B2C) data sharing, when consent might not be enough, many small and medium enterprises (SMEs) still depend on contracts—a GDPR basis that is often overlooked due to its complexity. The contract’s lifecycle comprises many stages (e.g., drafting, negotiation, and signing) that must be executed in compliance with GDPR. Despite the active research efforts on digital contracts, contract-based GDPR compliance and challenges such as contract interoperability have not been sufficiently elaborated on yet. Since knowledge graphs and ontologies provide interoperability and support knowledge discovery, we propose and develop a knowledge graph-based tool for GDPR contract compliance verification (CCV). It binds GDPR’s legal basis to data sharing contracts. In addition, we conducted a performance evaluation in terms of execution time and test cases to validate CCV’s correctness in determining the overhead and applicability of the proposed tool in smart city and insurance application scenarios. The evaluation results and the correctness of the CCV tool demonstrate the tool’s practicability for deployment in the real world with minimum overhead.
28

McDonagh, Maeve. "Putting the Fox in Charge? Political Parties and the GDPR: An Irish Perspective." European Public Law 26, Issue 2 (June 1, 2020): 363–90. http://dx.doi.org/10.54648/euro2020048.

Abstract:
In the wake of Cambridge Analytica, the use of personal data by political parties has been subject to increased scrutiny. Given the specific policy challenges which such use poses, this article examines the conditions for the lawful processing of personal data under the General Data Protection Regulation (GDPR), as it applies to political parties. It identifies the extensive flexibilities afforded by the GDPR to Member States and argues that granular Member State analysis is required if the GDPR regime is to be meaningfully evaluated in this context. Using Ireland as a detailed case study and referencing the equivalent provisions of the UK Data Protection Act 2018 (DPA UK) for comparison, the article examines the different ways in which these Member States responded to the flexibility afforded by the GDPR. Based on this, the article argues that closer engagement with the issue of political parties by the European Data Protection Board is needed in order to provide a more fine-grained response which bridges the space between the ‘one size fits all’ approach in the GDPR and the wide-ranging discretion of the flexibilities afforded to Member States. Keywords: GDPR, political parties, lawful processing, freedom of expression, public interest, European Data Protection Board
29

Petroiu, M. "GDPR Implementation Series ∙ Romania: Overview of the GDPR Implementation." European Data Protection Law Review 4, no. 3 (2018): 366–69. http://dx.doi.org/10.21552/edpl/2018/3/16.

30

Islam, Md Toriqul, Mariyam Sahula, and Mohammad Ershadul Karim. "UNDERSTANDING GDPR: ITS LEGAL IMPLICATIONS AND RELEVANCE TO SOUTH ASIAN PRIVACY REGIMES." UUM Journal of Legal Studies 13, No.1 (January 31, 2022): 45–76. http://dx.doi.org/10.32890/uumjls2022.13.1.3.

Abstract:
Emerging as a buzzword, the General Data Protection Regulation (GDPR) has had immense implications on global data protection regimes. The GDPR appears as a worldwide standard for protecting personal data based on the omnibus legal substance, extensive extraterritorial scope, and influential market of the European Union (EU). It resulted in a global wave where countries are either adopting new legislation or modifying existing data privacy laws to comply with the GDPR. Historically, the South Asian region, abode to one-fifth of the world’s people, has strong trade and economic ties with Europe. As reflected in current bilateral or multilateral trade agreements, the EU tends to be one of the largest trading partners of most South Asian countries. Therefore, it is understandable that the EU’s norms, laws, policies, particularly the GDPR, would have far-reaching impacts on South Asian countries. However, the issue has not been yet evaluated in legal academic settings that require an analysis of GDPR’s overview and its impacts on South Asian privacy regimes. The findings of this doctrinal legal study, together with the sharing of a brief overview of the GDPR and South Asian privacy regimes, reiterate the influence of GDPR in this region. The findings of this research also have the prospects to enlighten the stakeholders in understanding the GDPR and its implications on global as well as South Asian privacy regimes. This article concludes with several suggestions and policy alternatives that policymakers can explore in South Asia and beyond in designing their potential personal data protection policy strategies.
31

Freitas, Pedro Miguel. "The General Data Protection Regulation: an overview of the penalties’ provisions from a Portuguese standpoint." UNIO – EU Law Journal 4, no. 2 (August 30, 2018): 99–104. http://dx.doi.org/10.21814/unio.4.2.10.

Abstract:
The aim of this paper is to analyse the punitive regime foreseen in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). The administrative fines’ regime found in Article 83 of the GDPR and some of the questions it arises will be explored. We conclude that the Member States should adopt a critical stance when adapting their national legislation to the norms of the GDPR. The fundamental principles enshrined in national constitutions and supranational legal texts must be closely analysed and observed since the GDPR introduces a mandatory sanctions framework.
32

Costina, Loredana, and Adrian Corobană. "GDPR impact on the Romanian health clinics." Proceedings of the International Conference on Business Excellence 15, no. 1 (December 1, 2021): 908–16. http://dx.doi.org/10.2478/picbe-2021-0084.

Abstract:
The General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 came into effect on the 25 of May 2018 and changed the way both companies and consumers look at the importance of personal data. While the Regulation aimed to offer better protection of personal data, it also posed many challenges for the companies processing such data. A special category of personal data are the health data, considered sensitive data under the GDPR and subject to special conditions regarding the processing. Therefore, one of the main industries that was highly impacted by GDPR was the healthcare industry. The challenges that the industry faces, especially private small health clinics, are unique among the private companies. Starting from the legal provisions that the healthcare industry must comply with under GDPR, the article analyses the main mistakes that health clinics make, the causes of such mistakes and the main challenges faced by health clinics, with the aim of offering possible solutions for a better application of the GDPR principles in the activity of health clinics for the benefit of both the healthcare industry and the patient.
33

Georgiopoulou, Zafeiroula, Eleni-Laskarina Makri, and Costas Lambrinoudakis. "GDPR compliance: proposed technical and organizational measures for cloud provider." Information & Computer Security 28, no. 5 (June 8, 2020): 665–80. http://dx.doi.org/10.1108/ics-01-2020-0009.

Abstract:
Purpose The purpose of this paper is to give a brief guidance on what a cloud provider should consider and what further actions to take to comply with General Data Protection Regulation (GDPR). Design/methodology/approach This paper presents in detail the requirements for GDPR compliance of cloud computing environments, presents the GDPR roles (data controller and data processor) in a cloud environment and discusses the applicability of GDPR compliance requirements for each cloud architecture (Infrastructure as a Service, Platform as a Service, Software as a Service), proposes countermeasures for satisfying the aforementioned requirements and demonstrates the applicability of the aforementioned requirements and countermeasures to a PaaS environment offering services for building, testing, deploying and managing applications through cloud managed data centers. The applicability of the method has been demonstrated in a PaaS environment that offers services for building, testing, deploying and managing applications through cloud managed data centers. Findings The results of the proposed GDPR compliance measures for cloud providers highlight the effort and criticality required from cloud providers to achieve compliance. Originality/value
34

Hallinan, Dara, Franziska Boehm, Annika Külpmann, and Malte Elson. "Information Provision for Informed Consent Procedures in Psychological Research Under the General Data Protection Regulation: A Practical Guide." Advances in Methods and Practices in Psychological Science 6, no. 1 (January 2023): 251524592311519. http://dx.doi.org/10.1177/25152459231151944.

Abstract:
Psychological research often involves the collection and processing of personal data from human research participants. The European General Data Protection Regulation (GDPR) applies, as a rule, to psychological research conducted on personal data in the European Economic Area (EEA)—and even, in certain cases, to psychological research conducted on personal data outside the EEA. The GDPR elaborates requirements concerning the forms of information that should be communicated to research participants whenever personal data are collected directly from them. There is a general norm that informed consent should be obtained before psychological research involving the collection of personal data directly from research participants is conducted. The information required to be provided under the GDPR is normally communicated in the context of an informed consent procedure. There is reason to believe, however, that the information required by the GDPR may not always be provided. Our aim in this tutorial is thus to provide general practical guidance to psychological researchers allowing them to understand the forms of information that must be provided to research participants under the GDPR in informed consent procedures.
35

Daoultzoglou, Aikaterini. "GDPR and education: an approach for e-learning in Greek schools." Ανοικτή Εκπαίδευση: το περιοδικό για την Ανοικτή και εξ Αποστάσεως Εκπαίδευση και την Εκπαιδευτική Τεχνολογία 19, no. 1 (July 7, 2023): 191–209. http://dx.doi.org/10.12681/jode.31195.

Abstract:
The GDPR was put into action in May 2018. It outlines key principles that must be followed for any entity that is collecting personal data related to people residing in the EU (Duncan & Joyner, 2021). Amongst the entities that have to comply with the new Regulation are schools. This paper focuses on primary and secondary education; it covers a range of controversial issues and aims to provide an overview of a schools’ obligations and responsibilities vis a vis GDPR. It determines major definitions in terms of school reality, enlightens basic blur points, and stipulates what schools as Data Controllers must do. Moreover, the special case of distance learning amidst the Covid-19 pandemic is thoroughly analyzed. Due to rush transition to e-learning platforms plenty GDPR issues occurred and they are presented in this paper. Finally, a couple of possible, mainly technical, solutions are proposed to the difficulties that might emerge in the effort to build a strong GDPR school environment. The importance of GDPR compliance is apparent and indicated in every chapter.
36

Cambronero, M. Emilia, Miguel A. Martínez, José Luis de la Vara, David Cebrián, and Valentín Valero. "GDPRValidator: a tool to enable companies using cloud services to be GDPR compliant." PeerJ Computer Science 8 (December 1, 2022): e1171. http://dx.doi.org/10.7717/peerj-cs.1171.

Abstract:
This article presents a tool called GDPRValidator that aims to assist small and medium-sized enterprises (SMEs) that have migrated their services, or a part of them, to the cloud to be General Data Protection Regulation (GDPR) compliant when they manage and store employees’ or customers’ data in the cloud. As these companies have a limited budget to hire legal experts to guide them in complying with GDPR, the main objective of this tool is to help SMEs to be more competitive by saving a considerable amount of money. By using GDPRValidator, these companies can learn and begin the GDPR compliance process by themselves and decide whether it will be necessary to hire GDPR legal experts in the end. GDPRValidator implements a process that aids companies in compliance analysis and validation and generates a series of documents with recommendations. These documents do not guarantee full GDPR compliance, but they can help the company better understand the regulation and improve its data management strategies. In order to validate the efficiency and efficacy of the tool, two SMEs have used it and provided feedback about its perceived ease of use and its perceived usefulness for understanding and complying with GDPR. The results of the validation showed that, for both companies, the degree of perceived usefulness and ease of use of GDPRValidator is quite good. All the scores expressed agreement.
37

URZICEANU, RAMONA-MIHAELA, and VALENTINA-SIMONA PAŞCALĂU. "DIGITAL MARKETING REGULATIONS." Agora International Journal of Juridical Sciences 13, no. 1 (October 29, 2019): 25–30. http://dx.doi.org/10.15837/aijjs.v13i1.3729.

Abstract:
The General Data Protection Regulation (GDPR) is a European law which grants rights regarding an individual’s personal data. Having been adopted in April 2016, its enforcement became effective as of 25th May 2018. This article aims to highlight who should do this, what exactly they should do and how to do it. Learn about the scope of GDPR in digital marketing, the definition of a personal data breach, the rights of data subjects, incident response under GDPR and more.
38

Gal, Michal S., and Oshrit Aviv. "The Competitive Effects of the GDPR." Journal of Competition Law & Economics 16, no. 3 (May 18, 2020): 349–91. http://dx.doi.org/10.1093/joclec/nhaa012.

Abstract:
The GDPR is the Magna Carta of data protection, the importance of which cannot be overstated. Yet, as this article shows, the price of data protection through the GDPR is much higher than previously recognized. The GDPR creates two main harmful effects on competition and innovation: it limits competition in data markets, creating more concentrated market structures and entrenching the market power of those who are already strong; and it limits data sharing between different data collectors, thereby preventing the realization of some data synergies which may lead to better data-based knowledge. To illustrate its claims, the article analyzes the competitive dynamics created by the GDPR, focusing on how it affects the options available to firms for amassing the data necessary for their operations, and their resultant ability to realize economies of scale and scope in data analysis. It identifies seven main parallel and cumulative market dynamics that may limit data collection and data sharing, only some of which have been recognized so far. As shown, under some market conditions, the GDPR has unintended and so far unrecognized effects on competition, efficiency, innovation, and the resultant welfare. The dynamics identified in this article offer partial explanations for some of the troubling empirical evidence regarding investment in EU data-driven markets following the adoption of the GDPR. Furthermore, the analysis enables us to identify which effects are short-term and which are here to stay. The effects on competition and innovation identified may justify a reevaluation of the balance reached to ensure that overall welfare is increased.
The article suggests some means of reducing harmful competitive effects, while still protecting the vital goal of privacy, including reaching a better balance between data protection and competition law, reducing uncertainty in the GDPR, creating certification mechanisms for GDPR compliance, and structuring of mandatory data-sharing obligations under other laws in a way, which is sensitive to the dynamics of data markets.
39

Penić, Sanja, and Kristian Saletović. "Okvir za uvođenje i provjeru GDPR-a u malim i srednje velikim poduzećima." Obrazovanje za poduzetništvo - E4E 11, no. 1 (June 14, 2021): 67–81. http://dx.doi.org/10.38190/ope.11.1.6.

Abstract:
The General Data Protection Regulation (Regulation (EU) 2016/697, known as the GDPR) began to apply in May 2018 and has had a considerable impact on the organization of business processes in enterprises. This was felt especially by small and medium-sized enterprises, for which the GDPR represents an additional burden given their already limited resources. The framework for the implementation and audit of previously implemented requirements defined by the GDPR presented in this paper is the result of information from the scientific literature and insights gained by auditing the already implemented Regulation in two small enterprises. The aim of this paper is to contribute to the understanding of the difficulties that small and medium-sized enterprises face when implementing the GDPR. The case study method was used in the paper. The results obtained showed that, although two years have already passed since the first implementation, there is still a lack of understanding of the terminology and obligations in terms of everyday application.
40

Sun, Chen, Evan Jacobs, Daniel Lehmann, Andrew Crouse, and Supreeth Shastri. "GDPRxiv: Establishing the State of the Art in GDPR Enforcement." Proceedings on Privacy Enhancing Technologies 2023, no. 4 (October 2023): 484–99. http://dx.doi.org/10.56553/popets-2023-0121.

Abstract:
Though European Union's General Data Protection Regulation (GDPR) is hailed as a model privacy regulation, details about its enforcement are not well understood. To address this gap, we propose establishing the state of the art (SOTA) in GDPR enforcement, and present the design and implementation of GDPRxiv: an information archival system that collects and curates GDPR rulings, judgements, reports, and official guidances. GDPRxiv consists of 8000+ official precedents and guidances, the largest such collection. To demonstrate the usefulness of this corpora, we share insights gleaned at the aggregate-level (say, how is the GDPR being enforced in the field) and at the article-level (say, what are the common failures observed in the field while implementing article-17 Right to be Forgotten). We release all of our software artifacts and datasets at https://GDPRxiv.org.
41

Marchetti, Emanuela, Claus Witfelt, Andrea Valente, Daniel Amo-Filvà, Alicia García-Holgado, Lucia García-Holgado, Elisabetta Vidotto, et al. "Designing Games for GDPR: Negotiating Understandings of GDPR in EU Schools." European Conference on Games Based Learning 18, no. 1 (October 7, 2024): 863–71. http://dx.doi.org/10.34190/ecgbl.18.1.2585.

Abstract:
In this study we combine a participatory design process with a citizen science framing, to foster a dialogue on GDPR in the school. We focus on the perspective of students, approaching them as co-researchers, in designing and evaluating a series of apps, aimed at spreading knowledge on GDPR. We have created a design space between secondary school students in Denmark and Italy, to gather insights across different countries. Results show that approaching students as designers and testers enabled them to provide honest and concrete insights on their experience with GDPR. We identified a detachment related to their posting activities, caused by how social media platforms (SoMe) challenge the boundaries between their personal and school-related ecologies.
42

Witfelt, Claus, Emanuela Marchetti, Andrea Valente, Daniel Amo-Filva, Alicia García-Holgado, Lucia García-Holgado, Elisabetta Vidotto, et al. "Designing Games for GDPR: Negotiating Understandings of GDPR in EU Schools." European Conference on Games Based Learning 18, no. 1 (October 14, 2024): 1099–107. http://dx.doi.org/10.34190/ecgbl.18.1.3102.

Abstract:
In this study we combine a participatory design process with a citizen science framing, to foster a dialogue on GDPR in the school. We focus on the perspective of students, approaching them as co-researchers, in designing and evaluating a series of apps, aimed at spreading knowledge on GDPR. We have created a design space between secondary school students in Denmark and Italy, to gather insights across different countries. Results show that approaching students as designers and testers enabled them to provide honest and concrete insights on their experience with GDPR. We identified a detachment related to their posting activities, caused by how social media platforms (SoMe) challenge the boundaries between their personal and school-related ecologies.
43

Al-Fayad, Fadye Saud. "The European Union’s GDPR and Its Effect on Data-Driven Marketing Strategies." International Journal of Marketing Studies 12, no. 1 (February 24, 2020): 39. http://dx.doi.org/10.5539/ijms.v12n1p39.

Abstract:
This research paper analyzes the developing effect that the European Union’s (EU) recently developed General Data Protection Regulation (GDPR) will have on the marketing strategies of firms that rely on big data. Big data is identified as consisting of data and data analytics involving a huge volume of data, a diverse variety of data, and a high velocity of data capture and collection. This analysis begins with some discussion of the concept of big data and follows this up with overviews of both the GDPR and big data use in the marketplace. The EU replaced its older Data Protection Directive or DPD with the GDPR. The GDPR consists of a series of chapters and articles that require, among other things, consent to collect and store data, the anonymization of data, announcement in 72 hours of a data breach, provision of encryption and the identification of a Data Protection Officer. Marketing and the marketing function can implement emergent technologies that augment big data and its analysis while simultaneously achieving compliance with regulatory frameworks like the GDPR. These marketing related solutions are those such as blockchain marketing applications like Brave Browser and Blockstack among others. The report also examines the way in which enterprises use big data in their marketing strategies and how they are affected by it now that it has come into effect. Some of the more marketing-oriented uses and applications of big data are found in sophisticated loyalty programs, demand forecasting and customization either of experience or product/service. This study also offers some final recommendations related to GDPR compliant marketing strategies. These include the development of a comprehensive program to purchase consumer data directly from consumers and the introduction of blockchain as a means to facilitate a smoother transition to GDPR compliance.
44

Lach, Daniel Eryk. "Przetwarzanie i ochrona danych dotyczących zdrowia przez organizatora systemu opieki zdrowotnej." Studia Prawa Publicznego, no. 3 (31) (October 15, 2020): 53–72. http://dx.doi.org/10.14746/spp.2020.3.31.3.

Abstract:
The protection of individuals with regard to the processing of personal data is one of the fundamental rights. The General Data Protection Regulation (GDPR) lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. Data concerning health is one of the areas the GDPR defines as special personal data, the so-called sensitive data. With regard to these data, the GDPR allows their processing only on an exceptional basis, in certain situations. According to Art. 6 sec. 1 let. e GDPR and Art. 9 sec. 2 let. b GDPR, data processing is allowed, inter alia, when such processing is necessary for the purposes of meeting the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law. In turn, Art. 9 sec. 2 let. h GDPR permits the processing of health data that is necessary for the purposes of providing health or social care or treatment, or for managing health or social care systems and services on the basis of European Union or Member State law. The article discusses the national legal regulations regarding the collection and processing of personal data concerning health in the light of the organization of the health care system and the tasks of the National Health Fund (NFZ) as a placeholder, whose task is only to manage financial resources and conclude health care contracts on its own behalf with independent healthcare providers and their accounting. Against the background of the GDPR, the author discusses the provisions of the acts on health care services financed from public funds and on the information system in health care. Finally, specific regulations regarding the COVID-19 pandemic are presented.
45

Fernandes, José, Carolina Machado, and Luís Amaral. "Towards a readiness model derived from critical success factors, for the general data protection regulation implementation in higher education institutions." Strategic Management 28, no. 1 (2023): 4–19. http://dx.doi.org/10.5937/straman2200033f.

Abstract:
Background: Present the relevance of the study and highlights the key points of literature overview. Purpose: As of May 25, 2018, General Data Protection Regulation (GDPR) has become mandatory for all organizations, public or private, that handle personal data of European citizens, regardless of their physical location. Higher education institutions (HEIs), namely public universities, are no exception to this requirement and, as in many other organizations, many HEIs begin the process of implementing the GDPR without meeting the minimum conditions necessary for implementation. The purpose of this study, therefore, is to present a model to determine the level of readiness of HEIs regarding the implementation of the GDPR. Study design/methodology/approach: With the objective of designing a new artefact as a readiness model for the implementation of the GDPR, this study follows Design Science Research as an approach to be used to build the readiness model, based on a set of 16 critical success factors (CSFs) previously determined. Findings/conclusions: A readiness model was designed, based on a set of 16 CSFs related to the implementation of GDPR in HEIs. Limitations/future research: This is a new area of study that needs further development, namely through the practical application of the model, allowing the improvement of the measurement levels of the different CSFs. Practical implications: The determined readiness model allows HEIs to realize a priori if they have the necessary conditions for the implementation of the GDPR, giving useful indications of the organizational dimensions and the CSFs that compose them where better performance is necessary to ensure a successful implementation. Originality/Value: As far as we know, this is the first model of readiness based on CSFs related to the implementation of GDPR in HEIs, being therefore a first contribution to the development of this area.
46

Ansar, Kainat, Mansoor Ahmed, Saif Ur Rehman Malik, Markus Helfert, and Jungsuk Kim. "Blockchain based general data protection regulation compliant data breach detection system." PeerJ Computer Science 10 (March 15, 2024): e1882. http://dx.doi.org/10.7717/peerj-cs.1882.

Abstract:
Context: Data breaches caused by insiders are on the rise, both in terms of frequency and financial impact on organizations. Insider threat originates from within the targeted organization and users with authorized access to an organization’s network, applications, or databases commit insider attacks. Motivation: Insider attacks are difficult to detect because an attacker with administrator capabilities can change logs and login records to destroy the evidence of the attack. Moreover, when such a harmful insider attack goes undetected for months, it can do a lot of damage. Such data breaches may significantly impact the affected data owner’s life. Developing a system for rapidly detecting data breaches is still critical and challenging. General Data Protection Regulation (GDPR) has defined the procedures and policies to mitigate the problems of data protection. Therefore, under the GDPR implementation, the data controller must notify the data protection authority when a data breach has occurred. Problem Statement: Existing data breach detection mechanisms rely on a reliable third party. Because of the presence of a third party, such systems are not trustworthy, transparent, secure, immutable, and GDPR-compliant. Contributions: To overcome these issues, this study proposed a GDPR-compliant data breach detection system by leveraging the benefits of blockchain technology. Smart contracts are written in Solidity and deployed on a local Ethereum test network to implement the solution. The proposed system can generate alert notifications against every data breach. Results: We tested and deployed our proposed system, and the findings indicate that it can accomplish the insider threat mitigation objective. Furthermore, the GDPR compliance analysis of our system was also evaluated to make sure that it complies with the GDPR principles (such as right to be forgotten, access control, conditions for consent, and breach notifications). The conducted analysis has confirmed that the proposed system offers capabilities to comply with the GDPR from an application standpoint.
47

Cambronero, M. Emilia, Miguel A. Martínez, Luis Llana, Ricardo J. Rodríguez, and Alejandro Russo. "Towards a GDPR-compliant cloud architecture with data privacy controlled through sticky policies." PeerJ Computer Science 10 (March 29, 2024): e1898. http://dx.doi.org/10.7717/peerj-cs.1898.

Abstract:
Data privacy is one of the biggest challenges facing system architects at the system design stage, especially when certain laws, such as the General Data Protection Regulation (GDPR), have to be complied with by cloud environments. In this article, we want to help cloud providers comply with the GDPR by proposing a GDPR-compliant cloud architecture. To do this, we use model-driven engineering techniques to design cloud architecture and analyze cloud interactions. In particular, we develop a complete framework, called MDCT, which includes a Unified Modeling Language profile that allows us to define specific cloud scenarios and profile validation to ensure that certain required properties are met. The validation process is implemented through the Object Constraint Language (OCL) rules, which allow us to describe the constraints in these models. To comply with many GDPR articles, the proposed cloud architecture considers data privacy and data tracking, enabling safe and secure data management and tracking in the context of the cloud. For this purpose, sticky policies associated with the data are incorporated to define permission for third parties to access the data and track instances of data access. As a result, a cloud architecture designed with MDCT contains a set of OCL rules to validate it as a GDPR-compliant cloud architecture. Our tool models key GDPR points such as user consent/withdrawal, the purpose of access, and data transparency and auditing, and considers data privacy and data tracking with the help of sticky policies.
48

Węgrzyn, Justyna. "Granting of Consent by a Child for the Processing of Their Personal Data Within the Framework of Information Society Services." Przegląd Prawa Konstytucyjnego 67, no. 3 (June 30, 2022): 363–72. http://dx.doi.org/10.15804/ppk.2022.03.27.

Abstract:
For a long time, it has been observed that services available in the virtual world, such as social networks, gaming platforms, music streaming services, have attracted the interest of internet users of different ages. They include children, who require special protection as relates to the processing of their personal data. These issues have been addressed by the EU legislator in Art. 8 of GDPR. The purpose of this paper is to analyze the solutions adopted in Article 8 GDPR and to assess their application in practice.
49

Gunst, Simon, and Ferdi De Ville. "The Brussels Effect: How the GDPR Conquered Silicon Valley." European Foreign Affairs Review 26, Issue 3 (October 1, 2021): 437–58. http://dx.doi.org/10.54648/eerr2021036.

Abstract:
In 2018, the Californian government adopted a new data protection framework. The flagship of this framework is the California Consumer Privacy Act (CCPA). As this new framework is widely considered to resemble the European Union’s (EU’s) General Data Protection Regulation (GDPR), this article intends to investigate whether the Brussels Effect could explain this resemblance. We apply process-tracing to test if the Brussels Effect causally connects the GDPR with the CCPA. The analysis is based on a careful evaluation of three sets of evidence. Firstly, privacy policies of Apple, Facebook, and Google are examined. Secondly, lobbying concerning the alignment of the implementation of the CCPA with the GDPR is scrutinized. Lastly, it is investigated whether the Californian government has used arguments linked to the Brussels Effect while drafting the CCPA and its subsequent implementing regulations. It is concluded that the Brussels Effect has indeed played a role in the adoption of the CCPA. Nevertheless, it has become clear that the impact of the Effect varies depending on exactly which provision of the GDPR is examined.
Keywords: Brussels Effect, process-tracing, California, CCPA, European Union, GDPR, Data Protection, Lobbying, Big Tech
50

Presthus, Wanda, and Hanne Sørum. "Consumer perspectives on information privacy following the implementation of the GDPR." International Journal of Information Systems and Project Management 7, no. 3 (October 27, 2021): 19–34. http://dx.doi.org/10.12821/ijispm070302.

Abstract:
The General Data Protection Regulation (GDPR) was implemented in the European Union and European Economic Area in May 2018. The GDPR aims to strengthen consumers’ rights to data privacy in the wake of technological developments like big data and artificial intelligence. This was a hot topic for stakeholders, such as lawyers, companies and consumers, prior to the GDPR’s implementation. This paper investigates to what extent consumers are concerned about information privacy issues following the implementation of the GDPR. We present findings from an online survey conducted during spring 2019 among 327 Norwegian consumers, as well as findings from a survey conducted immediately prior to the implementation of the GDPR in spring 2018. We draw the following conclusions: (1) consumers gained significant knowledge about their information privacy from the GDPR, but felt relatively little need to execute their enhanced rights; (2) about 50% of respondents believed themselves to have control over their data, while almost 40% stated that they had no control over their personal data; and (3) consumers largely trusted companies to manage their personal data. These insights are of interest to both academia and to industries that deal with personal data.