To see the other types of publications on this topic, follow the link: General Data Protection Regulation (GDPR).
Journal articles on the topic 'General Data Protection Regulation (GDPR)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'General Data Protection Regulation (GDPR).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Knott, Nigel. "The General Data Protection Regulation." Faculty Dental Journal 9, no. 2 (April 2018): 54–57. http://dx.doi.org/10.1308/rcsfdj.2018.54.
Full text
2
Bhaimia, Sahar. "The General Data Protection Regulation: the Next Generation of EU Data Protection." Legal Information Management 18, no. 1 (March 2018): 21–28. http://dx.doi.org/10.1017/s1472669618000051.
Full textAbstract:
AbstractThis article, written by Sahar Bhaimia, presents an overview of the General Data Protection Regulation (EU) (2016/679) (GDPR) which will apply automatically across the EU on 25 May 2018. The GDPR is an update and reform of existing EU data protection law, first established by the Data Protection Directive (1995/46/EC). The article is for knowledge managers and information services professionals who may be asked to take on responsibility for GDPR, and focuses on the UK. It covers the fundamentals of EU data protection law, highlights key changes brought about by the GDPR, and provides practical tips and suggestions for knowledge managers.
3
Vlahou, Antonia, Dara Hallinan, Rolf Apweiler, Angel Argiles, Joachim Beige, Ariela Benigni, Rainer Bischoff, et al. "Data Sharing Under the General Data Protection Regulation." Hypertension 77, no. 4 (April 2021): 1029–35. http://dx.doi.org/10.1161/hypertensionaha.120.16340.
Full textAbstract:
The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.
4
Bryukhovetsky, Kirill, and Ilya Livshitz. "An analysis of a General Data Protection Regulation impact on fuel and energy companies." Energy Safety and Energy Economy 5 (November 2020): 55–63. http://dx.doi.org/10.18635/2071-2219-2020-5-55-63.
Full textAbstract:
General Data Protection Regulation has been adopted in 2018 and establishes privacy and security protection for data gathered on anyone in the European Union. Russian power engineering companies have to potentially comply with GDPR in regards of processing and storing customer data. This paper contains an analysis of certain GDPR requirements and their meaning for power engineering companies and their departments for the purpose of compliance risk assessment. The results can help make decisions on compliance risk assessment initiatives to diminish data protection risks for international businesses, including power engineering companies.
5
Lovell, M., and M. A. Foy. "General Data Protection Regulation May 2018 (GDPR)." Bone & Joint 360 7, no. 4 (August 2018): 41–42. http://dx.doi.org/10.1302/2048-0105.74.360622.
Full text
6
Mazur, Marek. "SCOPE AND NATURE OF CHANGES IN PERSONAL DATA PROTECTION SYSTEMS OF PUBLIC INSTITUTIONS IN THE LIGHT OF THE PROVISIONS OF THE GDPR (GENERAL DATA PROTECTION REGULATION)." Kultura Bezpieczeństwa. Nauka – Praktyka - Refleksje 31, no. 31 (September 28, 2018): 169–86. http://dx.doi.org/10.5604/01.3001.0012.8602.
Full textAbstract:
The EU GDPR Regulation introduced rules and regulations on the protection of individuals with regard to the processing of their personal data regardless of their citizenship or place of residence. The article focuses on issues related directly to the regulation on the protection of personal data and related to documents that regulate the protection of personal data and their processing in public institutions in Poland. The author presents basic estimates about the entry of the GDPR Regulation, indicates the importance of individual Dobies/organisations and entities playing a key role in the protection of personal data on the territory of Poland. It describes the documents that establish minimum standards for personal data protection systems to be developed in public institutions to guarantee security. In this article, the author attempted to indicate the scope and nature of changes in personal data systems in the light of the provisions of the GDPR Regulation.
7
Becker, Regina, Adrian Thorogood, Johan Ordish, and Michael J. S. Beauvais. "COVID-19 Research: Navigating the European General Data Protection Regulation." Journal of Medical Internet Research 22, no. 8 (August 27, 2020): e19799. http://dx.doi.org/10.2196/19799.
Full textAbstract:
Researchers must collaborate globally to rapidly respond to the COVID-19 pandemic. In Europe, the General Data Protection Regulation (GDPR) regulates the processing of personal data, including health data of value to researchers. Even during a pandemic, research still requires a legal basis for the processing of sensitive data, additional justification for its processing, and a basis for any transfer of data outside Europe. The GDPR does provide legal grounds and derogations that can support research addressing a pandemic, if the data processing activities are proportionate to the aim pursued and accompanied by suitable safeguards. During a pandemic, a public interest basis may be more promising for research than a consent basis, given the high standards set out in the GDPR. However, the GDPR leaves many aspects of the public interest basis to be determined by individual Member States, which have not fully or uniformly made use of all options. The consequence is an inconsistent legal patchwork that displays insufficient clarity and impedes joint approaches. The COVID-19 experience provides lessons for national legislatures. Responsiveness to pandemics requires clear and harmonized laws that consider the related practical challenges and support collaborative global research in the public interest.
8
Cvik, Eva Daniela, Radka MacGregor Pelikánová, and Michal Malý. "Selected Issues from the Dark Side of the General Data Protection Regulation." Review of Economic Perspectives 18, no. 4 (December 1, 2018): 387–407. http://dx.doi.org/10.2478/revecp-2018-0020.
Full textAbstract:
Abstract The Regulation (EU) 2016/679 on the protection of personal data (GDPR) was enacted in 2016 and applies from 25thMay 2018 in the entire EU. The GDPR is a product of an ambitious reform and represents a direct penetration of the EU law into the legal systems of the EU member states. The EU works on the enhancement of awareness about the GDPR and points out its bright side. However, the GDPR has its dark side as well, which will inevitably have a negative impact. Hence, the goal of this paper is twofold - (i) to scientifically identify, forecast, and analyze selected problematic aspects of the GDPR and its implementation, in particular for Czech municipalities, and (ii) to propose recommendations about how to reduce, or even avoid, their negative impacts. These theoretic analyses are projected to a Czech case study focusing on municipalities, which offers fresh primary data and allows a further refining of the proposed recommendations. An integral part of the performed analyses is also a theoretic forecast of expenses linked to the GDPR, which municipalities will have to include in their mandatory expenses and mid-term prognostic expectations regarding the impact on the budgets of these municipalities from Central Bohemia. The GDPR, like Charon, is at the crossing, the capacity and knowledge regarding its application is critical for operating in the EU in 2018. It is time both to admit that the GDPR has its dark side and to present real and practical recommendations about how to mitigate it.
9
Martin, Nicholas, Christian Matt, Crispin Niebel, and Knut Blind. "How Data Protection Regulation Affects Startup Innovation." Information Systems Frontiers 21, no. 6 (November 18, 2019): 1307–24. http://dx.doi.org/10.1007/s10796-019-09974-2.
Full textAbstract:
AbstractWhile many data-driven businesses have seen rapid growth in recent years, their business development might be highly contingent upon data protection regulation. While it is often claimed that stricter regulation penalizes firms, there is only scarce empirical evidence for this. We therefore study how data protection regulation affects startup innovation, exploring this question during the ongoing introduction of the EU General Data Protection Regulation (GDPR). Our results show that the effects of data protection regulation on startup innovation are complex: it simultaneously stimulates and constrains innovation. We identify six distinct firm responses to the effects of the GDPR; three that stimulate innovation, and three that constrain it. We furthermore identify two key stipulations in the GDPR that account for the most important innovation constraints. Implications and potential policy responses are discussed.
10
Sirait, Yohanes Hermanto. "GENERAL DATA PROTECTION REGULATION (GDPR) DAN KEDAULATAN NEGARA NON-UNI EROPA." Gorontalo Law Review 2, no. 2 (October 30, 2019): 60. http://dx.doi.org/10.32662/golrev.v2i2.704.
Full textAbstract:
Generally, the GDPR applies to data processing activities conducted by organisations established in the European Union (EU). But in certain activities, GDPR may also apply outside EU according to extra-teritorial principle. This principle has correlation to concept of sovereignty in international law. This article aims to examine whether a state must abide to GDPR when the requirement fulfiled or should the states use their sovereignty as a basis to deny it. This article is normative legal research. It focus on case-law, statutes and other legal source as primary and subsidiary source. The analysis is deductive by reasoning from more general to more specific. The result show that extra-teritorial principle under GDPR is in accordance to international law. The practice is common in the world in order to protect the citizen and national interest from any threat from abroad. The chance of overlapping between this principles with state’s sovereignty is hardly to occur as the principle only works when the interest of European citizen violated.
11
Geller, Anja. "How Comprehensive Is Chinese Data Protection Law? A Systematisation of Chinese Data Protection Law from a European Perspective." GRUR International 69, no. 12 (September 20, 2020): 1191–203. http://dx.doi.org/10.1093/grurint/ikaa136.
Full textAbstract:
Abstract In China, there is no unified data protection law similar to the EU’s General Data Protection Regulation (GDPR). As a result, there are many different relevant regulations. Among other things, this makes enforcement and comprehension more difficult. To alleviate this problem and assess the comprehensiveness of Chinese data protection, this article uses the GDPR as a frame to organise and systematise the most important Chinese regulations. Binding and non-binding as well as enacted and draft provisions are included to show the dynamic progress and the general direction of Chinese law. While from a European data protection perspective there still are numerous deficiencies, the general development is positive.
12
McLennan, Stuart, Leo Anthony Celi, and Alena Buyx. "COVID-19: Putting the General Data Protection Regulation to the Test." JMIR Public Health and Surveillance 6, no. 2 (May 29, 2020): e19279. http://dx.doi.org/10.2196/19279.
Full textAbstract:
The coronavirus disease (COVID-19) pandemic is very much a global health issue and requires collaborative, international health research efforts to address it. A valuable source of information for researchers is the large amount of digital health data that are continuously collected by electronic health record systems at health care organizations. The European Union’s General Data Protection Regulation (GDPR) will be the key legal framework with regard to using and sharing European digital health data for research purposes. However, concerns persist that the GDPR has made many organizations very risk-averse in terms of data sharing, even if the regulation permits such sharing. Health care organizations focusing on individual risk minimization threaten to undermine COVID-19 research efforts. In our opinion, there is an ethical obligation to use the research exemption clause of the GDPR during the COVID-19 pandemic to support global collaborative health research efforts. Solidarity is a European value, and here is a chance to exemplify it by using the GDPR regulatory framework in a way that does not hinder but actually fosters solidarity during the COVID-19 pandemic.
13
Todorova-Ekmekci, Mirena. "GDPR - General Data Protection Regulation on Sites Requiring Accessibility." Innovative STEM Education 3, no. 1 (June 29, 2021): 37–48. http://dx.doi.org/10.55630/stem.2021.0305.
Full textAbstract:
The paper describes what GDPR - General Data Protection Regulation is and why it matters for business, institutions and other legal entities, who need to collect personal data in order to provide and deliver services or products. They have to apply and describe to consumers’ principles and general rules to protect their data. Rules include reasons why personal data collection is necessary, transparency how and by who it will be used and stored and for how long, as well as safety measures to not be used by other third parties or for other purposes unless the consumer clearly agreed. The paper explores the necessity and awareness to provide personal data to sites, how people provide it, what rights and options there are to protect it and why. Online users and clients are now more aware and receiving information on how their personal data is used by sites and service providers online. Research results on how much people want and fear to share their personal data are also presented. The paper presents in detail GDPR rules, requirements and rights and practiced, as well as what is personal data and sensitive personal data and the different ways to process and protect it. The research also focuses on special personal data provided by people with disabilities in order to have accessibility on sites and use certain services. In the end, recommendations for sites with accessibility are presented, following GDPR protection requirements.
14
Bassani, Rafael Vescovi, and Sílvio César Cazella. "O alinhamento entre learning analytics e a general data protection regulation." ETD - Educação Temática Digital 23, no. 4 (November 18, 2021): 1022–40. http://dx.doi.org/10.20396/etd.v23i4.8658829.
Full textAbstract:
O rápido crescimento da modalidade de educação a distância propiciou que pesquisadores apresentassem estudos variados relacionados ao tema. Junto a estes estudos emergem conceitos tais como o de Learning Analytics (LA), que se constitui em uma área que se propõe a medir, coletar, analisar e relatar dados de discentes em seus contextos. Todavia, o uso destes dados de discentes traz à tona nova preocupação relacionada a proteção, privacidade e o correto uso dos dados. A União Europeia já se encontra legislando sobre a proteção de dados pessoais com um amplo Regulamento Geral sobre a Proteção de Dados (GDPR). No Brasil, a legislação hoje disponível constitui-se na Lei Geral de Proteção de Dados Pessoais (LGPDP) e seu efeito se inicia em agosto de 2020. Este artigo tem por objetivo apresentar o resultado de uma Revisão Sistemática da Literatura (RSL) que buscou identificar pesquisas acadêmicas relacionadas a temática Learning Analytics (LA) e General Data Protection Regulation (GDPR). Após a aplicação dos critérios de Inclusão e exclusão sobre os artigos obtidos, foram selecionados dez artigos para análise. Com a análise foi possível concluir que existe um alinhamento entre os conceitos de LA e GDPR e que o LA deve seguir as orientações do GDPR.
15
Dalrymple, H. W. "The general data protection regulation, the clinical trial regulation and some complex interplay in paediatric clinical trials." European Journal of Pediatrics 180, no. 5 (January 18, 2021): 1371–79. http://dx.doi.org/10.1007/s00431-021-03933-3.
Full textAbstract:
AbstractAlthough a number of authors have commented upon the impact of the GDPR on clinical trial conduct, few have examined the specific setting of paediatric trials. Whilst the general principles are the same as those for adults, some additional considerations arise. The ages of consent relating to data privacy and clinical trial participation are different in a number of countries, but the distinction is often not recognised in non-drug trials. Accidental pregnancies in clinical trials always raise complexities, but these are amplified when the trial subject is a minor, and the processes described in clinical trial protocols rarely take account of GDPR requirements. This paper describes approaches which can be taken to ensure the rights of children are respected.Conclusion: The conduct of paediatric clinical trials within GDPR requirements is quite possible provided authors think carefully when drafting protocols. What is Known:•GDPR is applicable to clinical trials, including paediatric trials.•A number of challenges at the interface between the GDPR and CTR have been described. What is New:•The application of the GDPR to certain specific situations in paediatric trials does not appear to have been explored.•Three such situations are described and solutions offered.
16
Hendrie, Melissa. "Brexit: Is This the End for the General Data Protection Regulation?" Business Law Review 37, Issue 5 (October 1, 2016): 173–74. http://dx.doi.org/10.54648/bula2016032.
Full textAbstract:
The confirmed exit of the United Kingdom from the European Union (EU) coincides with significant reform of European data protection law. Such reform will arise through the European General Data Protection Regulation (GDPR) which is on course for direct enforcement in all EU Member States as of May 2018. Separation negotiations must be endured before finalization of an EU-UK divorce, the product of which will determine the role of GDPR in Britain’s future.
17
Vargas, Vanesa Madalina, Sonia Budz, and Bogdan Cristian Onete. "The relationship between human resources activities and the general data protection regulation." Proceedings of the International Conference on Business Excellence 15, no. 1 (December 1, 2021): 552–59. http://dx.doi.org/10.2478/picbe-2021-0050.
Full textAbstract:
Abstract The goal of GDPR is to harmonize consumer rights in the European Union regardless of where they are or where they come from. This has an impact on the processing of personal data within organizations - especially in human resources departments. GDPR has major consequences in the HR field as the employer processes employee data (and potential employees) on a large scale. At the formal level, the Human Resources Director must ensure that the new concepts introduced by the Regulation are correctly reflected in the internal documents governing the duties and responsibilities of the employees. The biggest challenge in this regard is defining the role of the data protection officer at the organization level. The methodological section of this article includes a narrative analysis based on an interview with a data protection officer, head of compliance guide to GDPR. The purpose of this study reflects the impact of the Personal Data Regulations on the Human Resources activities. It is useful for organizations and subjects to know what particular attention should be paid regarding GDPR to the recruitment process, the access methods of the equipment available to the employee, the data protection solutions in the systems and the employee monitoring system.
18
Kuner, Christopher. "International Organizations and the EU General Data Protection Regulation." International Organizations Law Review 16, no. 1 (January 7, 2019): 158–91. http://dx.doi.org/10.1163/15723747-2019008.
Full textAbstract:
The importance of personal data processing for international organizations (‘IOs’) demonstrates the need for them to implement data protection in their work. The EU General Data Protection Regulation (‘GDPR’) will be influential around the world, and will impact IOs as well. Its application to them should be determined under relevant principles of EU law and public international law, and it should be interpreted consistently with the international obligations of the EU and its Member States. However, IOs should implement data protection measures regardless of whether the GDPR applies to them in a legal sense. There is a need for EU law and international law to take each other better into account, so that IOs can enjoy their privileges and immunities also with regard to EU law and avoid conflicts with international law, while still providing a high level of data protection in their operations.
19
Ryngaert, Cedric, and Mistale Taylor. "The GDPR as Global Data Protection Regulation?" AJIL Unbound 114 (2020): 5–9. http://dx.doi.org/10.1017/aju.2019.80.
Full textAbstract:
The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.
20
Raković, Radoslav. "Personal data protection: Actual status and challenges." Tehnika 77, no. 5 (2022): 501–8. http://dx.doi.org/10.5937/tehnika2204501r.
Full textAbstract:
Fundamental information security management standard ISO 27001 declares need for protecting basic features of information - confidentiality, integrity and availability - and defines 114 controls oriented to technical, organizational and combined actions that should enable it. Particular issue represents personal data protection that is subject of particular General Data protection Regulation (GDPR) has been appplied in EU from 25.05.2018. and paricular Law on personal data protection of Republic of Serbia has been applied from 22.08.2019. After brief review of the GDPR and the subject law, actual status of personal data protection in Serbia are considered, as well as challenges we will face in the future in this area.
21
Hölbl, Marko, Boštjan Kežmah, and Marko Kompara. "Data Protection Heterogeneity in the European Union." Applied Sciences 11, no. 22 (November 18, 2021): 10912. http://dx.doi.org/10.3390/app112210912.
Full textAbstract:
In light of digitalisation, we are witnessing an increased volume of collected data and data generation and exchange acceleration. Therefore, the European Union (EU) has introduced the General Data Protection Regulation (GDPR) as a new framework for data protection on the European level. However, GDPR allows the member states to change some parts of the regulation, and the member states can always build on top of the GDPR. An example is the collection of biometric data with electronic signatures. This paper aims to compare the legislation on data protection topics in the various EU member states. The findings show that the member states included in the study generally do not have many additional/specific laws (only in 29.4% of the cases). However, almost all have other/additional legislation to the GDPR on at least one topic. The most additional legislation is on the topics of video surveillance, biometry, genetic data and health data. We also introduce a dynamic map that allows for quick navigating between different information categories and comparisons of the EU member states at a glance.
22
Lazarakos, Grigoris. "Parliamentary activity and the General Data Protection Regulation (gdpr)." International Journal of Parliamentary Studies 1, no. 2 (November 2, 2021): 315–26. http://dx.doi.org/10.1163/26668912-bja10021.
Full textAbstract:
Abstract In light of the recent cjeu case C-272/19 of 9 July 2020 (vq v. Land Hessen), debates commenced within various European Parliaments regarding the material scope of application of the General Data Protection Regulation (gdpr) to data processing in parliamentary core areas. This case study focuses on Greece, and aims at highlighting the points of intersection and tension between parliamentary action – in particular the institution of parliamentary control – and the protection of personal data, as they emerge from the practice of the Hellenic Data Protection Authority (“hdpa”) and the Hellenic Parliament. It further makes proposals to end the current fragmentation in the implementation of data protection across the European Parliaments and to ensure consistent and homogenous application of the data protection rules in relation to core parliamentary activities throughout the European Union.
23
Blanke, Jordan M. "Protection for ‘Inferences Drawn’: A Comparison Between the General Data Protection Regulation and the California Consumer Privacy Act." Global Privacy Law Review 1, Issue 2 (June 1, 2020): 81–92. http://dx.doi.org/10.54648/gplr2020080.
Full textAbstract:
Inferences drawn from personal data have arguably become more dangerous to individual privacy than the vast collection and storage of the data itself. Recently there have been questions raised about whether the General Data Protection Regulation (GDPR) has sufficient protection for these inferences. Probably not surprisingly, and learning from this possible shortcoming, the California Consumer Privacy Act (CCPA) specifically includes ‘inferences drawn’ as part of its definition of personal information. This article explores the widespread use of inferential data and compares the protection provided under the GDPR and the CCPA for such inferences. privacy, data protection, inferences drawn, GDPR, CCPA
24
He, Zhi Le, Dao Li Huang, and Yun Ting Lei. "The Background and the International and Domestic Impact of 'General Data Protection Regulation'." Applied Mechanics and Materials 599-601 (August 2014): 2173–77. http://dx.doi.org/10.4028/www.scientific.net/amm.599-601.2173.
Full textAbstract:
With the development of globalization and new technology, it is difficult for the existing data protection framework of EU to adapt to the new challenges inbig data era. The European Commission sought to establish new legal framework to deal with challenges actively, so“General Data Protection Regulation“£ ̈GDPR£©was enacted in November2012. Analysis of GDPR background andthe overview of its impact to the world and Chinaare significant for the dialysis of the development trend of the contemporary data protection and the creation of a safe and reliable onlineenvironment.
25
Cornock, Marc. "General Data Protection Regulation (GDPR) and implications for research." Maturitas 111 (May 2018): A1—A2. http://dx.doi.org/10.1016/j.maturitas.2018.01.017.
Full text
26
Freitas, Pedro Miguel. "The General Data Protection Regulation: an overview of the penalties’ provisions from a Portuguese standpoint." UNIO – EU Law Journal 4, no. 2 (August 30, 2018): 99–104. http://dx.doi.org/10.21814/unio.4.2.10.
Full textAbstract:
The aim of this paper is to analyse the punitive regime foreseen in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). The administrative fines’ regime found in Article 83 of the GDPR and some of the questions it arises will be explored. We conclude that the Member States should adopt a critical stance when adapting their national legislation to the norms of the GDPR. The fundamental principles enshrined in national constitutions and supranational legal texts must be closely analysed and observed since the GDPR introduces a mandatory sanctions framework.
27
Laybats, Claire, and John Davies. "GDPR." Business Information Review 35, no. 2 (June 2018): 81–83. http://dx.doi.org/10.1177/0266382118777808.
Full textAbstract:
This article discusses the main changes to data protection regulation with the introduction of the General Data Protection Regulation (GDPR) that comes into effect on 25 May 2018. It considers the effect on organizations coming under its jurisdiction through an interview with John Davies, Managing Director of digital agency Reading Room, and then goes on to consider the implications for organizations currently out of the geographical area the GDPR controls. It finally considers the implications for the future as the GDPR becomes established.
28
Atikcan, Ece Özlem, and Adam William Chalmers. "Choosing lobbying sides: the General Data Protection Regulation of the European Union." Journal of Public Policy 39, no. 4 (September 26, 2018): 543–64. http://dx.doi.org/10.1017/s0143814x18000223.
Full textAbstract:
AbstractDespite the impressive amount of empirical research on lobbying, a fundamental question remains overlooked. How do interest groups choose to lobby different sides of an issue? We argue that how groups choose sides is a function of firm-level economic activity. By studying a highly salient regulatory issue, the European Union’s General Data Protection Regulation (GDPR), and using a novel data set of lobbying activities, we reveal that a group’s main economic sector matters most. Firms operating in finance and retail face unique costs and are incentivised to lobby against the GDPR. However, these groups are outgunned by a large, heterogeneous group of firms with superior lobbying firepower on the other side of the issue.
29
Md. Toriqul Islam and Mohammad Ershadul Karim. "EXTRATERRITORIAL APPLICATION OF THE EU GENERAL DATA PROTECTION REGULATION: AN INTERNATIONAL LAW PERSPECTIVE." IIUM Law Journal 28, no. 2 (January 22, 2021): 531–65. http://dx.doi.org/10.31436/iiumlj.v28i2.495.
Full textAbstract:
The General Data Protection Regulation (the GDPR) of the European Union (EU) emerges as a hot-button issue in contemporary global politics, policies, and business. Based on an omnibus legal substance, extensive extraterritorial scope and influential market powers, it appears as a standard for global data protection regulations as can be witnessed by the growing tendency of adopting, or adjusting relevant national laws following the instrument across the globe. Under Article 3, of the GDPR applies against any data controller or processor within and outside the EU, who process the personal data of EU residents. Therefore, the long arm of the GDPR is extended to cover the whole world, including Malaysia. This gives rise to tension worldwide, as non-compliance thereof leads to severe fines of up to €20 million or 4% of annual turnover. This is not a hypothetical possibility, rather a reality, as a huge amount of fines are already imposed on many foreign companies, such as Google, Facebook, Uber, and Equifax to name a few. Such a scenario, due to the existence of state sovereignty principles under international law, has made the researchers around the world curious about some questions, why does the EU adopt an instrument having the extraterritorial application; whether the extraterritorial scope is legitimate under normative international law; how the provisions of this instrument can be enforced, and how these are justified. This article attempts to search for answers to those questions by analyzing the relevant rules and norms of international law and the techniques of the EU employed. The article concludes with the findings that the extraterritorial scope of the GDPR is justified under international law in a changed global context. The findings of this article will enlighten the relevant stakeholders, including Malaysian policymakers and business entities, to realise the theoretical aspects of inclusion of the extraterritorial feature of the GDPR, and this understanding may facilitate them to map their future strategies.
30
Scholliers, Annelies, Dimitri De Fré, Inge D’haese, and Stefan Gogaert. "The Impact of the New European Union General Data Protection Regulation (GDPR) on Data Collection at Mass Gatherings." Prehospital and Disaster Medicine 34, s1 (May 2019): s138. http://dx.doi.org/10.1017/s1049023x19003042.
Full textAbstract:
Introduction:As of May 2018, a new European privacy law called the General Data Protection Regulation (GDPR) is in order. With this law, every organization operating in the European Union (EU), needs to adhere to a strict set of rules concerning collection and processing of personal data.Aim:To explore the consequences of the GDPR for data collection at mass gatherings in the European Union.Methods:Since the law was published on April 27, 2016, a thorough reading of the law was conducted by 4 persons with a background in mass gathering health. The GDPR consists of 99 articles organized into 11 chapters. There are also 173 recitals to further explain certain ambiguities. Key articles and recitals relating to healthcare and scientific research were identified. Possible pitfalls and opportunities for data collection and processing at mass gatherings were noted.Discussion:Under article 4, key definitions are noted. There is a clear definition of “data concerning health”. According to the GDPR, health data is a special category of personal data which should not be processed according to article 9(1). However, there is an exception for scientific research (article 9(2)(j)). There are a few safeguards in place, as laid out in article 89. One interesting point is that according to article 89(2), certain derogations can take place if the law interferes with scientific research. The GDPR has major consequences for data collection and processing in the EU. However, with the use of certain safeguards (e.g., pseudonymization) there are still ample opportunities for scientific research. It is important to review one’s method of data collection to make sure it complies with the GDPR.
31
Biswal, Surya Prakash, and Mugdha S. Kulkarni. "Implications of GDPR on Emerging Technologies." Revista Gestão Inovação e Tecnologias 11, no. 4 (August 24, 2021): 4898–912. http://dx.doi.org/10.47059/revistageintec.v11i4.2512.
Full textAbstract:
In the present digital era, organizations worldwide are facing several opportunities and challenges in safeguarding and preserving significant data that are essential in the efficient functioning of organizational activities. Organizations have realized and understood the importance of data collection and analysis to influence target achievements and meet futuristic demands. Many small-scale enterprises and start-ups have also initiated decisions to implement technologies that enable a positive long-term impact. Due to these requirements, the General Data Protection Regulation (GDPR) implementation has become a necessity to ensure future sustenance and functionality of existing and growing organizations. The operational activities in the organizational environment are forced to comply with the general data protection regulation policies and framework. The European Union general data protection regulation, which was imposed in May 2018 (European Union General Data Protection Regulation, 2016), has proven to be effective, both within the country's internal boundaries and globally. However, many organizations are still not familiar with the general data protection regulation compliance policies. The emergence of general data protection regulation has been a recent interest in the activities of various organizational sectors as they are attempting to understand the policies and compliance requirements on the implementation of GDPR applications. The research intends to explore the implications between the GDPR and emerging technologies and suggests various recommendations for organizations to implement and follow the GDPR guidelines that could enhance organizational activities.
32
Hauck, Ronny. "Personal Data in Insolvency Proceedings: The Interface between the New General Data Protection Regulation and (German) Insolvency Law." European Company and Financial Law Review 16, no. 6 (December 6, 2019): 724–45. http://dx.doi.org/10.1515/ecfr-2019-0024.
Full textAbstract:
When the General Data Protection Regulation (henceforth: GDPR) came into force, it quickly became clear that the new data protection law would strongly influence many different areas of law. This article deals with the relationship between data protection law and insolvency law, which was hardly considered before the GDPR was adopted. This relationship is particularly relevant where personal data is to be sold as asset in insolvency proceedings. As will be shown, the new data protection law imposes requirements on such data transfers which are very difficult to fulfil. The main problem is that in German law, personal data is not transferable because it is considered part of a subject’s personality. This situation is comparable to German copyright law, since the copyright itself is a non-transferable good. However, just as usage rights in copyright, the rights to use the personal data can be transferred to a third party provided that the requirements of the GDPR are satisfied. This article will comprehensively analyse under which conditions a transfer of such rights would be possible in insolvency proceedings. To create a balanced relationship between data protection law and insolvency law, the principle of proportionality is of crucial importance in this respect.
33
Biswal, S. P., and M. S. Kulkarni. "Implications of GDPR on Emerging Technologies in Healthcare." CARDIOMETRY, no. 23 (August 20, 2022): 255–62. http://dx.doi.org/10.18137/cardiometry.2022.23.255262.
Full textAbstract:
In the present digital era, organizations worldwide, including healthcare institutions, are facing several opportunities and challenges in safeguarding and preserving significant data that are essential in the efficient functioning of organizational activities. Organizations have realized and understood the importance of data collection and analysis to influence target achievements and meet futuristic demands. Many small-scale enterprises and start-ups have also initiated decisions to implement technologies that enable a positive long-term impact. Due to these requirements, the General Data Protection Regulation (GDPR) implementation has become a necessity to ensure future sustenance and functionality of existing and growing organizations. The operational activities in the organizational environment are forced to comply with the general data protection regulation policies and framework. The European Union general data protection regulation, which was imposed in May 2018 (European Union General Data Protection Regulation, 2016), has proven to be effective, both within the country’s internal boundaries and globally. However, many organizations are still not familiar with the general data protection regulation compliance policies. The emergence of general data protection regulation has been a recent interest in the activities of various organizational sectors as they are attempting to understand the policies and compliance requirements on the implementation of GDPR applications. The research intends to explore the implications between the GDPR and emerging technologies and suggests various recommendations for organizations to implement and follow the GDPR guidelines that could enhance organizational activities.
34
Yuniarti, Siti. "Petugas/Pejabat Pelindungan Data Pribadi dalam Ekosistem Perlindungan Data Pribadi: Indonesia, Uni Eropa dan Singapura." Business Economic, Communication, and Social Sciences (BECOSS) Journal 4, no. 2 (June 4, 2022): 111–20. http://dx.doi.org/10.21512/becossjournal.v4i2.8377.
Full textAbstract:
Personal data protection regulations have been adopted by 137 countries until the beginning of 2022. In addition to creating a data protection agency, personal data protection regulations have also created new professionalism, namely personal data protection officers. The main role of the data protection officer is to ensure compliance with personal data protection regulations placing the function of a data protection officer as an important factor in the personal data protection ecosystem. It raises the question of how the role of data protection officers in the personal data protection ecosystem when it is analyzed from the attributes attached to the profession. Therefore, using the normative juridical research method, this paper attempts to describe the role of the data protection officer in the personal data protection ecosystem by analyzing the attributes attached to the profession through a comparison of the General Data Protection Regulation (GDPR) in the European Union, Personal Data Protection Act Singapore and the draft of personal data regulation in Indonesia. This paper concluded that the existence of a data protection officer is part of the data protection regulation, whether it appears as an obligation or in terms of certain conditions. Independency of the data protection officer and organizational support is essential to optimize the data protection officer’s role which has been adopted on GDPR. It also noticed the presence of data protection officers as a service to fulfill the needs of data protection officers by organizations. Further research regarding the attribute of data protection officers as studied in this paper is needed since the Indonesia personal data protection bill will impact many sectors, both private and public sectors.
35
Bin Othman, Mohd Bahrin, and Muhammad Faiz Bin Abu Samah. "The Magnitude of GDPR To Malaysia." Malaysian Journal of Social Sciences and Humanities (MJSSH) 7, no. 9 (September 30, 2022): e001776. http://dx.doi.org/10.47405/mjssh.v7i9.1776.
Full textAbstract:
The European Union (“EU”) General Data Protection Regulation (“GDPR”) governs any individuals or companies that stores or processes personal information about EU citizens within EU states even if it does not involve a business presence within the EU. Malaysian businesses need to comply with the GDPR as failure to comply will cause disruption or discontinuance of business. This paper aims to understand and evaluate the scope of the GDPR and its effect on personal data protection in Malaysia. It employs a doctrinal qualitative approach by examining the GDPR and the Malaysia Personal Data Protection Act 2010. This paper suggests that the GDPR provides a more comprehensive law with its holistic principles and rights which may provide lessons for Malaysia in protecting personal data as the area covered by the GDPR is broader specifically the non-commercial transactions, its wider range of rights and the extraterritorial applicability.
36
Rosentau, Mario. "The General Data Protection Regulation and its Violation of EU Treaties." Juridica International 27 (September 30, 2018): 36–40. http://dx.doi.org/10.12697/ji.2018.27.03.
Full textAbstract:
While the EU General Data Protection Regulation, which entered force on 25 May, is generally good and necessary in its vigorous protection of the fundamental rights of self‑determination and identity of European people, the article identifies a core issue that has gone unnoticed: the GDPR violates EU treaties. It is, at base, a ‘European law’, yet European laws are banned under the TEU and TFEU. The article examines the background for this conflict. The ambitious plan for ratification of 2003’s draft treaty establishing a constitution for Europe fell at the first hurdle in 2005. The draft Constitution envisaged a legislative innovation: the European law and European framework law, directly applicable in the Member States and superior to them. These legal instruments, envisaged as replacing EU regulations, could readily be cited as a major federalist pillar of the draft. Yet there would be no European laws – they were rejected with the draft constitution in the 2005 referenda, and the current treaties do not foresee any law-like European legislation. The author outlines the GDPR’s nature as a European law thus: the regulation 1) potentially concerns all residents of Europe, albeit by adding to the rights of individuals and protecting their freedoms; 2) addresses virtually all legal entities and undertakings acting, physically or through a network, in the European judicial area; 3) addresses the Member States and the EU itself; 4) and has cross-border applicability and covers the whole EU. Furthermore, its reach extends to service providers outside the EU if their service targets EU data subjects. There are substantial impacts on subjects on whom obligations are substantial. Hence, the author concludes that the GDPR’s scope, depth, and impacts exceed all the limits that the EU treaties permit for regulations. Furthermore, the treaties do not even know the term ‘general regulation’. Since the GDPR possesses the characteristics of a ‘European law’ – and even is ‘seamlessly’ positioned in a place reserved by the draft EU Constitution for the ‘European law on data protection’ – while such laws have been rejected, a key issue is highlighted: how deep an EU-level political integration and relinquishment of the individual European nations’ sovereignty do the Member States actually want? For instance, most analyses of the causes of Brexit cite loss of sovereignty of the UK as one of the main factors in the decision. The author concludes that, since the GDPR is with us to stay, amendment of the EU treaties can no longer be avoided. Noble objectives cannot justify infringements of the present ‘European Constitution’ and the constitutions of the Member States.
37
Cunha Pinto, Benedita. "Faz sentido que uma empresa transfira a sua sede ou estabelecimento por causa do Regulamento Geral sobre a Proteção de Dados?" Revista Electrónica de Direito 27, no. 1 (2022): 223–50. http://dx.doi.org/10.24840/2182-9845_2022-0001_0007.
Full textAbstract:
The article aims to make an analysis of the issue of the transfer of headquarters or even of the establishment because of the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016). In a first phase we approach in detail the territorial scope of the GDPR in accordance with the establishment criterion and the targeting criterion. Then, we point out some limitations related to the execution of the aforementioned Regulation, as well as some reasons that may lead a company to consider transferring its registered office to a country outside the European Economic Area (EEA) or, simply, opting to resort to establishment migration. In this context, we use to address two mechanisms for implementing the GDPR – Designation of a Representative in the EEE and Standard Contractual Clauses – as they reveal matters of great practical interest to companies. Finally, we will make some proposals towards a possible prevention of establishment migration.
38
Grzeszczak, Robert, and Joanna Mazur. "Regulating without Regulation? Regulating without the Sovereign?" Review of Central and East European Law 46, no. 3-4 (December 8, 2021): 321–45. http://dx.doi.org/10.1163/15730352-bja10056.
Full textAbstract:
Abstract The development of automated decision-making technologies creates the threat of de-iuridification: replacement of the legal acts’ provisions with automated, technological solutions. The article examines how selected provisions of the General Data Protection Regulation concerning, among other things, data protection impact assessments, the right to not be subject to automated decision-making, information obligations and the right to access are applied in the Polish national legal order. We focus on the institutional and procedural solutions regarding the involvement of expert bodies and other stakeholders in the process of specification of the norms included in the gdpr and their enforcement. We argue that the example of Poland shows that the solutions adopted in the gdpr do not shift the balance concerning regulatory power in regard to automated decision-making to other stakeholders and as such do not favor of a more participative approach to the regulatory processes.
39
Kaule, Susanne. "The IEEE EMC society and general data protection regulation (GDPR)." IEEE Electromagnetic Compatibility Magazine 7, no. 4 (2018): 65. http://dx.doi.org/10.1109/memc.2018.8637293.
Full text
40
Yuan, Bocong, and Jiannan Li. "The Policy Effect of the General Data Protection Regulation (GDPR) on the Digital Public Health Sector in the European Union: An Empirical Investigation." International Journal of Environmental Research and Public Health 16, no. 6 (March 25, 2019): 1070. http://dx.doi.org/10.3390/ijerph16061070.
Full textAbstract:
The rapid development of digital health poses a critical challenge to the personal health data protection of patients. The European Union General Data Protection Regulation (EU GDPR) works in this context; it was passed in April 2016 and came into force in May 2018 across the European Union. This study is the first attempt to test the effectiveness of this legal reform for personal health data protection. Using the difference-in-difference (DID) approach, this study empirically examines the policy influence of the GDPR on the financial performance of hospitals across the European Union. Results show that hospitals with the digital health service suffered from financial distress after the GDPR was published in 2016. This reveals that during the transition period (2016–2018), hospitals across the European Union indeed made costly adjustments to meet the requirements of personal health data protection introduced by this new regulation, and thus inevitably suffered a policy shock to their financial performance in the short term. The implementation of GDPR may have achieved preliminary success.
41
Saunders, Rhodri, Rafael Torrejon Torres, and Maximilian Blüher. "OP117 Digital Real-World Evidence In Times Of General Data Protection Regulation." International Journal of Technology Assessment in Health Care 37, S1 (December 2021): 1. http://dx.doi.org/10.1017/s0266462321000660.
Full textAbstract:
IntroductionReal-world evidence (RWE) is a useful supplement to a product's evidence base especially for medical devices, which are often unsuitable for randomized controlled trials. Generally, RWE is analyzed retrospectively (for example, healthcare records), which lack granularity for health-economic analysis. Prospective collection of RWE in hospitals can promote device-specific endpoint assessment. The advent of the General Data Protection Regulation (GDPR) requires a privacy-by-design approach. This work describes a workflow for a GDPR-compliant device-specific RWE collection as part of quality improvement initiatives (QII).MethodsA literature review identifies relevant clinical and quality markers as endpoints to the investigated technology. A panel of experts grade these endpoints on their clinical significance, privacy sensitivity, analytic value, and feasibility for collection. Endpoints meeting a predefined cut-off are considered quality markers for the QII. Finally, an RWE data collection app is designed to collect the quality markers using either longitudinal, pseudonymized data or single time-point anonymized data to ensure data protection by design.ResultsUsing this approach relevant clinical markers were identified in a GDPR-compliant manner. The data collection app design ensured that patient data were protected, while maintaining minimum requirements on patient information and consent. The pilot QII collected data on over 5,000 procedures, which represents the largest single data set available for the tested technology. Due to its prospective nature this programme was the first to collect patient outcomes in sufficient quantity for analysis, while previous studies only recorded adverse events.ConclusionsGDPR and RWE can co-exist in harmony. A design approach, which has data protection in mind from the start can combine high quality RWE collection of efficacy and safety data with maximum patient privacy.
42
Kręcisz-Sarna, Agnieszka. "PERSONAL DATA PROTECTION IN GENERAL ADMINISTRATIVE PROCEEDINGS." Roczniki Administracji i Prawa 2, no. XVIII (December 30, 2018): 199–213. http://dx.doi.org/10.5604/01.3001.0013.1791.
Full textAbstract:
This article aims to draw attention to the duties of personal data protection in general administrative proceedings in the context of the General Data Protection Regulation, which came into force on 25 May 2018. It depicts the subjective, the objective, as well as the territorial scope of the application of GDPR, subsequently referring it to certain procedural steps taken in the course of administrative proceedings. Moreover, deliberations concerning the processing of personal data which takes place within the scope of administrative proceedings, as well as the role of the parties in such proceedings have been presented.
43
Tupay, Paloma Krõõt, Martin Ebers, Jakob Juksaar, and Kea Kohv. "Is European Data Protection Toxic for Innovative AI? An Estonian Perspective." Juridica International 30 (October 13, 2021): 99–110. http://dx.doi.org/10.12697/ji.2021.30.12.
Full textAbstract:
The General Data Protection Regulation (GDPR) is, together with its seven principles, designed to function as the cornerstone of data protection in the European Union. Although the GDPR was meant to keep up with technological and socioeconomic changes while guaranteeing fundamental rights, its unclear wording with regard to the use of artificial intelligence (AI) systems has led to uncertainty. Therefore, the development and application of ever new AI systems raises various, as yet unresolved questions. Moreover, the complexity of legal requirements poses the risk of inhibiting AI innovation in the European Union. On the other hand, the GDPR gives Member States certain leeway to regulate data processing by public authorities. Therefore, data protection requirements for AI systems in public administration must be assessed under both the GDPR and national law. Against this backdrop, the article aims to guide the reader through the relevant data-protection rules applicable to AI systems in both the EU and in Estonia.
44
Puljak, Livia, Anamarija Mladinić, Ron Iphofen, and Zvonimir Koporc. "Before and after enforcement of GDPR." Biochemia medica 30, no. 3 (October 12, 2020): 363–70. http://dx.doi.org/10.11613/bm.2020.030201.
Full textAbstract:
Introduction The European Union’s (EU) General Data Protection Regulation (GDPR) was put in force on 25th May 2018. It is not known how many personal data protection requests the national authority in Croatia had received before and after GDPR, and how many of those were related to research. Materials and methods We obtained data from the Croatian Personal Data Protection Agency (CPDPA) about requests/complaints related to personal data protection that were received specifically from academic/research institutions, specifically the number and type of all cases/requests between the years 2015-2019. Results In 2018, CPDPA had a dramatic increase in the number of requests in the post-GDPR period, compared to the pre-GDPR period of the same year. In 2019, CPDPA received 2718 requests/complaints; less than in the year 2018. From 2015 to 2019, CPDPA received only 37 requests related to research. Conclusions Very few requests about personal data protection from academic and research institutions in Croatia were submitted to the national Croatian data protection authority. Future studies could explore whether researchers have sufficient awareness and knowledge about personal data protection related to research, to adequately implement the GDPR regulations.
45
Bailey, Josephine. "Data Protection in UK Library and Information Services: Are We Ready for GDPR?" Legal Information Management 18, no. 1 (March 2018): 28–34. http://dx.doi.org/10.1017/s1472669618000063.
Full textAbstract:
AbstractAgainst a backdrop of increasing data security and privacy concerns, current data protection law will soon be overhauled by the General Data Protection Regulation (GDPR). Previous research has indicated a lack of data protection management in libraries, however, it has been nine years since the latest study. This article by Josephine Bailey aims to provide an updated review of the extent of data protection management in UK library and information services and gauge preparation for the incoming GDPR.
46
Hemmings, Nicholas, and Joseph Noar. "Data protection is changing − the new general data protection regulations (GDPR)." Orthodontic Update 11, no. 3 (July 2, 2018): 110–14. http://dx.doi.org/10.12968/ortu.2018.11.3.110.
Full text
47
Pehlivan, Ceyhun Necati, and Inés Isidro Read. "Blockchain and Data Protection: A Compatible Couple?" Global Privacy Law Review 1, Issue 1 (February 1, 2020): 39–48. http://dx.doi.org/10.54648/gplr2020005.
Full textAbstract:
In recent years, blockchain, the underlying technology behind cryptocurrencies, such as Bitcoin, has emerged as one of the technological innovations with the greatest potential to transform the economy and society. As various European institutions and data protection authorities point out, this type of technologies may, by its very nature, be unable to comply with the General Data Protection Regulation (GDPR). We believe that, in order to understand the risks that the use of blockchain technology could pose, it is necessary to examine the architecture and the specific characteristics of the technology in question, in particular the way in which personal data are stored or processed. Thus, the impact of blockchain on the privacy and personal data of data subjects generally requires analysis on a case-by-case basis. We conclude that, while there are some tensions to be resolved, blockchain technology is not per se incompatible with the GDPR. blockchain, DLT, data protection, privacy, GDPR, cryptocurrency
48
Georgiou, Dimitra, and Costas Lambrinoudakis. "Compatibility of a Security Policy for a Cloud-Based Healthcare System with the EU General Data Protection Regulation (GDPR)." Information 11, no. 12 (December 17, 2020): 586. http://dx.doi.org/10.3390/info11120586.
Full textAbstract:
Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.
49
Park, Minjung, Sangmi Chai, and Myoungjun Lee. "A Study on the Establishment of Data Protection Officer(DPO) Position under GDPR Enactment." Journal of Korean Institute of Communications and Information Sciences 43, no. 2 (February 28, 2018): 427–38. http://dx.doi.org/10.7840/kics.2018.43.2.427.
Full text
50
Piao, Yangheran, Kai Ye, and Xiaohui Cui. "A Data Sharing Scheme for GDPR-Compliance Based on Consortium Blockchain." Future Internet 13, no. 8 (August 21, 2021): 217. http://dx.doi.org/10.3390/fi13080217.
Full textAbstract:
After the General Data Protection Regulation (GDPR) was introduced, some organizations and big data companies shared data without conducting any privacy protection and compliance authentication, which endangered user data security, and were punished financially for this reason. This study proposes a blockchain-based GDPR compliance data sharing scheme, aiming to promote compliance with regulations and provide a tool for interaction between users and service providers to achieve data security sharing. The zero-knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARK) algorithm is adopted for protecting data and ensure that the user’s private data can satisfy the individual requirements of the service provider without exposing user data. The proposed scheme ensures mutual authentication through the Proof of Authority consensus based on the Committee Endorsement Mechanism (CEM-PoA), and prevents nodes from doing evil using the reputation incentive mechanism. Theoretical analysis and performance comparison indicate that the scheme meets the confidentiality, availability, and other indicators. It has superiority in efficiency and privacy protection compared with other schemes.