ITMG Term Paper

School: American Military University
Course: 281
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 12
Uploaded by ocasio703

The Impact of the General Data Protection Regulation (GDPR) on Privacy and Data Protection

Miguel Ocasio
American Military University
ITMG281 I001 Fall 2023
Professor D' Jai Gurley
January 19th, 2024

Introduction

GDPR, enacted by the European Union (EU) on May 25, 2018, is a landmark in data protection and privacy. This comprehensive regulation bolsters and harmonizes data protection practices across the EU. GDPR applies not only to EU-based organizations, but also to those outside the EU that process EU residents' data. It empowers individuals with heightened control over their personal information, requiring organizations to get explicit consent, respect data rights, and provide prompt notification of data breaches. GDPR emphasizes privacy by design and default, stressing the integration of data protection principles into systems and services (Skiera, 2022). Here's a peek at GDPR's key features, including how it impacts organizations, what it says to individuals, and what it means for noncompliant individuals, which together position it as a cornerstone of global data protection.

Importance of the GDPR in protecting personal data

A big part of safeguarding personal data in the modern digital landscape is the General Data Protection Regulation (GDPR). In the European Union (EU), GDPR lays down strict rules and standards to protect people's personal information. It's important because it gives people more control over their data (Skiera, 2022). The GDPR requires organizations to get explicit consent for data processing, so they have to be transparent. Additionally, GDPR promotes privacy by design and default. In other words, organizations have to integrate data protection measures from the start. As part of the regulation, individuals also get specific rights, like access to their data, rectification, and even erasure.

In addition to EU-based businesses, GDPR also applies to those outside the EU that handle personal data of EU residents. Fines for non-compliance with GDPR can be substantial, emphasizing how serious data protection is. This regulation fosters more transparency, accountability, and privacy-centric data management by protecting personal data from unauthorized and unethical uses. Across industries, its influence has shaped data protection practices and set a precedent for privacy laws (Horizon, 2023).

Scope and Application

Territorial scope

The territorial scope of the General Data Protection Regulation (GDPR) defines its jurisdictional reach. As well as organizations in the EU, GDPR applies to organizations outside the EU that process personal data of EU residents. With extraterritorial applicability, the protection of personal data isn't restricted by geography. The GDPR applies to non-EU companies if they offer goods or services to EU citizens or monitor their behavior. Any company that processes personal data of EU residents while providing services or goods, regardless of whether payment is required, is subject to GDPR. Also, monitoring behavior, like online tracking or profiling, triggers GDPR for organizations outside the EU. This broad territorial scope underscores GDPR's global reach, encouraging organizations worldwide to take stringent data protection measures. It's not just a legal requirement, it's also a testament to global recognition of individuals' privacy rights and the responsibility of organizations to protect them (Horizon, 2023).

Data Controllers and Processors
A lot of personal data is managed and processed by data controllers and processors under the General Data Protection Regulation (GDPR). A data controller is the person or entity that decides how, when, and why personal data is processed. In essence, it controls how and why personal data is processed. This could be an organization, a business, or anything that decides how to process data. An entity that processes personal data on behalf of a data controller is a data processor. Processors handle the data in accordance with instructions from the controller. Any external party that processes personal data on behalf of the controller can be one of these entities (NIH, 2017).

The GDPR puts specific obligations on both data controllers and processors to protect personal data. The controller is responsible for implementing data protection principles, ensuring transparency, and getting consent. They also have to assess the risks associated with data processing and implement measures to protect data subjects. Under GDPR, processors have their own responsibilities, like keeping records of processing, implementing security measures, and helping controllers meet their obligations. In GDPR, processors now have direct legal obligations, emphasizing the shared responsibility between controllers and processors. GDPR establishes a comprehensive framework to hold both data controllers and processors accountable for protecting privacy and rights (NIH, 2017).

Exemptions and Derogations

GDPR provides flexibility in some situations through exemptions and derogations. Derogations allow member states to introduce deviations under certain conditions, while exemptions apply in cases where specific GDPR provisions do not apply. There is one notable exception in GDPR that pertains to national security and defense. Members of the EU can adopt measures to safeguard these areas, and GDPR does not limit them in this regard. In addition, GDPR derogations allow member states to set up specific rules for the processing of personal data in areas such as employment, rights and freedoms protection, and criminal investigation (CIPL, 2021). While maintaining a high standard of data protection, GDPR is flexible enough to accommodate different legal, societal, and security contexts across European Union member states. In order to successfully navigate the regulatory landscape, organizations must be aware of these provisions (CIPL, 2021).

Data Subject Rights

Rights to access personal data and right to rectification

A major part of the General Data Protection Regulation (GDPR), an EU privacy and data protection framework, is the right to access and rectification of personal information. The right to access personal data lets individuals know if their data is being processed by data controllers. Individuals have the right to access that data and get information about the purposes, categories, recipients, and retention periods of their personal information. By exercising this right, individuals can verify whether their personal information is being processed lawfully. Conversely, the right to rectification lets individuals correct inaccurate or incomplete personal data held by data controllers (Bahasa, 2020).

The data about an individual can be corrected right away if it's incorrect. Individuals have control over the accuracy of their personal information and can update it as needed. These rights give people more control and transparency over how their data is handled, fostering a more privacy-centric digital landscape. The GDPR requires organizations to facilitate these rights and respond to individuals' requests within certain time frames, promoting accountability and respecting their privacy (Bahasa, 2020).

Data protection impact assessments (DPIAs)

DPIAs are vital to upholding individuals' privacy rights under the General Data Protection Regulation (GDPR). Basically, a DPIA is a systematic evaluation that organizations do before launching specific data processing activities, especially ones that could affect privacy. An effective DPIA involves identifying, documenting, and assessing the nature, scope, and purpose of the data processing, assessing its necessity and proportionality, doing a comprehensive risk assessment, implementing mitigation measures, consulting stakeholders, and documenting it all (Wolford, 2023).

Using DPIAs, organizations address privacy concerns proactively, aligning their data processing with GDPR principles. It encourages organizations to think about how their actions affect people's rights and freedoms, which fosters privacy centricity. By documenting the DPIA process, organizations not only demonstrate compliance with GDPR but also establish a foundation for accountability and transparency. The purpose of DPIAs is to cultivate a privacy-aware culture, integrating privacy considerations into decision-making processes and mitigating privacy risks (Wolford, 2023).

Challenges Against the General Data Protection Regulation (GDPR)

New Requirements
There are some new rules in the General Data Protection Regulation (GDPR) to make sure people's data is better protected in the EU. There's one big change: it doesn't just apply to EU companies, but also to companies outside the EU who deal with EU residents' data. There's now a broader range of information covered by the GDPR, so more data types are protected. Privacy by Design and by Default means that companies should think about data protection right from the start when they're creating new products or systems (Wolford, 2023). It's also important that they only collect and use the data they really need. Some companies are also hiring Data Protection Officers (DPOs) who make sure the company follows the data protection rules. People now have more rights, like the right to see their data, the right to delete it (also known as the right to be forgotten), and the right to move it between services. It's very important for companies to get people's permission before they use their data, and if anything goes wrong, they have to tell the authorities right away. These new rules give people more control over their personal data, and companies have to be open about how they use it.

Hefty Fines and Sanctions

In the General Data Protection Regulation (GDPR), strict rules and penalties were introduced to ensure people's info is protected. If a company doesn't follow these rules, they could get fined. Businesses have to pay these fines if they don't follow data protection rules. Depending on how serious the issue is, the fine can be really high. In order to avoid these fines, companies need to follow the rules about collecting, using, and protecting people's data. When it comes to handling personal data, GDPR wants to make sure everyone's information is safe. To make sure people's privacy is always a priority, these fines encourage companies to take data protection seriously (Wolford, 2023).
Impact and Future Trends

Economic impact of the GDPR

There's a lot of economic impact from the General Data Protection Regulation (GDPR) on businesses and organizations within the EU. The GDPR emphasizes individual privacy rights, giving people more control over their personal data. It's good for individuals, but it's also costing businesses more to comply. Data protection regulations require companies to invest in new technology, staff training, and updated processes (Presidente & Frey, 2022). As a result, there's a growing industry around data protection. Furthermore, the GDPR has influenced global business practices, since many international companies apply GDPR standards to their entire operations to ensure consistency and simplify compliance. The economic impact also extends to the reputation of businesses; those that demonstrate strong data protection practices are likely to gain trust and positive perception from consumers, potentially increasing sales and loyalty. While GDPR has imposed some economic challenges, it's also spurred innovation, fostered a culture of privacy awareness, and made the internet more robust and secure (Presidente & Frey, 2022).

Future trends and Challenges

GDPR will likely face evolving trends and challenges that will shape the landscape of data protection in the future. A prominent trend is the continuous expansion of digital technology and the growing volume of data. New ways of collecting and processing data may emerge as technology advances, requiring updates to the GDPR to address these changes. There's also the global influence of GDPR-like regulations. To enhance privacy rights for their citizens, countries outside the EU may adopt similar data protection frameworks. Businesses with an international presence might have to navigate a complex web of compliance standards as a result of this (Dpm, 2023).

Keeping the GDPR relevant in the face of emerging risks like artificial intelligence and the Internet of Things is one of the challenges. In addition, finding the right balance between privacy protection and innovation is tough. Policymakers have to find ways to foster innovation while protecting privacy rights as businesses rely more on data-driven strategies. The future of GDPR will involve navigating a dynamic landscape where technological advancements and global regulatory developments will drive the evolution of data protection. It's up to policymakers, businesses, and individuals to address these challenges and keep privacy rights a cornerstone of the digital age (Dpm, 2023).

Conclusion

The General Data Protection Regulation (GDPR) is shaping the landscape of privacy and data protection in a big way. With GDPR, the European Union gave individuals more control over their personal information and set a global standard for data protection. Its broad reach and influence are underscored by its comprehensive framework, which applies not just to EU-based organizations, but also to those outside the EU that process EU residents' data (Skiera, 2022).
It's hard to overstate how important GDPR is to protecting personal data. Transparency, accountability, and privacy-centric data management are the highlights of GDPR. Individual rights, obligations on data controllers and processors, and hefty fines for non-compliance all add up to a more responsible and ethical approach to data handling (Skiera, 2022). The GDPR has spurred innovation, fostered a global culture of privacy awareness, and positioned itself as a cornerstone for data protection, despite the obvious economic impacts. In the future, GDPR will keep evolving, navigating technological advancements and global regulatory developments, with stakeholders collaborating to address emerging challenges and uphold privacy rights.
References:

Bahasa. (2020, October 28). The EU general data protection regulation. Human Rights Watch. https://www.hrw.org/news/2018/06/06/eu-general-data-protection-regulation?gad_source=1&gclid=Cj0KCQiAqsitBhDlARIsAGMR1RizRP-K-NOHBxwwYxfYYKN-mJOcLSg4TcM2oGLE5QQrxNIl1zYOYIcaAja7EALw_wcB

CIPL. (2021, October 22). Privacy impact assessment. General Data Protection Regulation (GDPR). https://gdpr-info.eu/issues/privacy-impact-assessment/

Dpm. (2023, December 7). Reflecting on a year of privacy: Trends, challenges, and what’s ahead. Data Privacy Manager. https://dataprivacymanager.net/reflecting-on-a-year-of-privacy-trends-challenges-and-whats-ahead/

Horizon. (2023, September 14). What is GDPR, the EU’s new Data Protection Law? GDPR.eu. https://gdpr.eu/what-is-gdpr/

NIH. (2017, November 11). The impact of the EU general data protection regulation on scientific research.

Presidente, G., & Frey, C. B. (2022, March 10). The GDPR EFFECT: How data privacy regulation shaped firm performance globally. CEPR. https://cepr.org/voxeu/columns/gdpr-effect-how-data-privacy-regulation-shaped-firm-performance-globally

Skiera, B. (2022). The impact of the GDPR on the online advertising market. Bernd Skiera.

Wolford, B. (2023a, September 14). Data Protection Impact Assessment (DPIA). GDPR.eu. https://gdpr.eu/data-protection-impact-assessment-template/

Wolford, B. (2023b, September 14). What is GDPR, the EU’s new Data Protection Law? GDPR.eu. https://gdpr.eu/what-is-gdpr/