Articles de revues sur le sujet « The GDPR »
Pour voir les autres types de publications sur ce sujet consultez le lien suivant : The GDPR.
Créez une référence correcte selon les styles APA, MLA, Chicago, Harvard et plusieurs autres
Consultez les 50 meilleurs articles de revues pour votre recherche sur le sujet « The GDPR ».
À côté de chaque source dans la liste de références il y a un bouton « Ajouter à la bibliographie ». Cliquez sur ce bouton, et nous générerons automatiquement la référence bibliographique pour la source choisie selon votre style de citation préféré : APA, MLA, Harvard, Vancouver, Chicago, etc.
Vous pouvez aussi télécharger le texte intégral de la publication scolaire au format pdf et consulter son résumé en ligne lorsque ces informations sont inclues dans les métadonnées.
Parcourez les articles de revues sur diverses disciplines et organisez correctement votre bibliographie.
1
Iramina, Aline. « GDPR v. GDPL ». Law, State and Telecommunications Review 12, no 2 (13 octobre 2020) : 91–117. http://dx.doi.org/10.26512/lstr.v12i2.34692.
Texte intégralRésumé :
Purpose ”“ The main purpose of this article is to analyze the aspects of the responsiveness approach adopted by European and Brazilian lawmakers in the elaboration of data protection rules, such as GDPR and LGPD.
Methodology ”“ The applied methodology is based on the responsive regulation theory and, additionally, the network governance theory, through the comparative analysis of personal data protection legal frameworks in Brazil and the EU.
Findings ”“ Based on the comparative analysis of the GDPR and the LGPD, it is verified the adoption of escalated regulatory techniques of Ayres and Braithwaite’s enforcement pyramid in the developed of these norms, as a strategy adopted by lawmakers to guarantee a greater compliance from regulated entities.
2
Kaczyńska-Kral, Agata M. « Spór kompetencyjny Ministra Cyfryzacji oraz Prezesa Urzędu Ochrony Danych Osobowych na podstawie art. 33 Prawa przedsiębiorców ». Studia Iuridica 77 (20 mars 2019) : 59–67. http://dx.doi.org/10.5604/01.3001.0013.1866.
Texte intégralRésumé :
On the basis of the Polish law of entrepreneurs, a competency dispute arose between the Minister of Digitization and the President of the Office of Personal Data Protection. Both authorities deem it appropriate to interpret GDPR. The Minister of Digitization believes that he is authorized because of the rights to create a policy in the field of personal data protection. The President of the Office for Personal Data Protection believes that he is authorized as a supervisory body according to GDRP and the competent authority for the protection of personal data. Due to the fact that the GDPR is an act of a higher rank than the Polish law, it is necessary to admit to the supervisory body that it is the only person entitled to a binding interpretation of GDPR regulations.
3
MacGregor Pelikánová, Radka, et Eva Daniela Cvik. « Impact of GDPR Security Measures on the Intellectual Property and Unfair Competition ». Acta Universitatis Agriculturae et Silviculturae Mendelianae Brunensis 66, no 6 (2018) : 1535–42. http://dx.doi.org/10.11118/actaun201866061535.
Texte intégralRésumé :
The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) created a duty to implement appropriate technical and organizational measures to ensure a level of security to protect natural persons with regard to the processing of personal data. Infringement of this duty is severely punished. These GDPR security measures and their operation should effectively and efficiently reflect intellectual property (“IP”) and unfair competition concerns. The theoretic teleological interpretation of the GDPR along with the critical study of the academic literature is complemented by a practical exploratory investigation via a micro‑case study based on interviews of a well‑balanced group of subjects of this GDRP duty – Czech SMEs. Although the yielded results are rather indicative than generally conclusive, they allow to suggest a partial confirmation of the proposed hypotheses that this GDPR duty will have a significant impact on IP and unfair competition. The semi‑conclusions based on the primary and secondary data enlightens the status quo, offers recommendations and brings suggestions for further research.
4
Laybats, Claire, et John Davies. « GDPR ». Business Information Review 35, no 2 (juin 2018) : 81–83. http://dx.doi.org/10.1177/0266382118777808.
Texte intégralRésumé :
This article discusses the main changes to data protection regulation with the introduction of the General Data Protection Regulation (GDPR) that comes into effect on 25 May 2018. It considers the effect on organizations coming under its jurisdiction through an interview with John Davies, Managing Director of digital agency Reading Room, and then goes on to consider the implications for organizations currently out of the geographical area the GDPR controls. It finally considers the implications for the future as the GDPR becomes established.
5
Hirvonen, Pauliina. « Expectations And Mindsets Related To GDPR ». European Conference on Cyber Warfare and Security 21, no 1 (8 juin 2022) : 360–67. http://dx.doi.org/10.34190/eccws.21.1.238.
Texte intégralRésumé :
The aim of this qualitative case study is to examine the initial expectations and assumptions related to General Data Protection Regulation (GDPR) of the European Union from the perspectives of selected Finnish organizations: what were the initial expectations of GDPR, how were they adapted/refined over time, and what was the impact on organizational planning and resourcing. There are no precise earlier studies on the subject. The research question was: What were the organizations’ initial expectations of GDPR - and how have they affected the efforts made? GDPR can be described as an input that forms images, preconceptions and views among other things, through various active and passive communication flows. As the empirical results indicate GDPR has been a legal issue, mainly due to the inadequate and unspecific active, official, communication flows. As a result, organizations have experienced difficulties to scale the necessary GDPR efforts. The results of this research can benefit both privacy and information security managers and personnel responsible for aligning policies and practices, and to evaluate organization-specific actions on GDPR compliance. The results can support regulators and authorities in the future GDPR and other policy work and provide ideas for service providers.
6
Bin Othman, Mohd Bahrin, et Muhammad Faiz Bin Abu Samah. « The Magnitude of GDPR To Malaysia ». Malaysian Journal of Social Sciences and Humanities (MJSSH) 7, no 9 (30 septembre 2022) : e001776. http://dx.doi.org/10.47405/mjssh.v7i9.1776.
Texte intégralRésumé :
The European Union (“EU”) General Data Protection Regulation (“GDPR”) governs any individuals or companies that stores or processes personal information about EU citizens within EU states even if it does not involve a business presence within the EU. Malaysian businesses need to comply with the GDPR as failure to comply will cause disruption or discontinuance of business. This paper aims to understand and evaluate the scope of the GDPR and its effect on personal data protection in Malaysia. It employs a doctrinal qualitative approach by examining the GDPR and the Malaysia Personal Data Protection Act 2010. This paper suggests that the GDPR provides a more comprehensive law with its holistic principles and rights which may provide lessons for Malaysia in protecting personal data as the area covered by the GDPR is broader specifically the non-commercial transactions, its wider range of rights and the extraterritorial applicability.
7
Zanker, Marek, Vladimír Bureš, Anna Cierniak-Emerych et Martin Nehéz. « The GDPR at the Organizational Level : A Comparative Study of Eight European Countries ». E+M Ekonomie a Management 24, no 2 (juin 2021) : 207–22. http://dx.doi.org/10.15240/tul/001/2021-2-013.
Texte intégralRésumé :
The General Data Protection Regulation, also known as the ‘gold standard’ or the ‘Magna Carta’ of cyber laws, is a European regulation that deals with rights in the area of privacy and focuses on data collection, storage and data processing. This manuscript presents the results of investigation in the business sphere from eight countries of the European Union. The research focused on awareness of the GDPR, costs associated with the GDPR, number of trainings, how data are secured and subjective evaluation. The questionnaire was used for data collection. The results show that the majority of employees concerned about the GDPR are able to define the GDPR correctly (64%). The correct identification of personal data is in 95% of cases. The vast majority of respondents (94%) assign the right to personal data protection to the GDPR. Most employees are trained in the GDPR once (46%) or twice (45%). Subsequently, the differences between these countries in some areas of the questionnaire survey were examined. For this purpose, Welch ANOVA with post-test Tukey HSD or Kruskal-Wallis test were used. As a result, knowledge about the personal data do not vary significantly between the countries. In the area of rights, the countries are not again statistically different. As for the number of security countries, statistics do not differ significantly. The subjective assessment of the GDPR is different across the countries. The GDPR is rated worst by companies in the Czech Republic and Slovakia. On the contrary, the GDPR is best perceived by companies in France and the United Kingdom.
8
Seo, Junwoo, Kyoungmin Kim, Mookyu Park, Moosung Park et Kyungho Lee. « An Analysis of Economic Impact on IoT Industry under GDPR ». Mobile Information Systems 2018 (5 décembre 2018) : 1–6. http://dx.doi.org/10.1155/2018/6792028.
Texte intégralRésumé :
The EU GDPR comes into effect on May 25, 2018. Under this regulation, stronger legislation than the existing directive can be enforced. The IoT industry, especially among various industries, is expected to be heavily influenced by GDPR since it uses diverse and vast amounts of personal information. This paper first analyzes how the IoT industry handles personal information and summarizes why it is affected by GDPR. The paper then uses the cost definition of Gordon and Loeb model to estimate how GDPR affects the cost of IoT firms qualitatively and uses the statistical and legal bases to estimate quantitatively. From a qualitative point of view, GDPR impacted the preventative cost and legal cost of the Gordon and Loeb model. Quantitative view showed that the cost of IoT firms after GDPR could increase by three to four times on average and by 18 times if the most. The study finally can be applied to situational awareness of the economic impact on the certain industry.
9
Serrado, João, Ruben Filipe Pereira, Miguel Mira da Silva et Isaías Scalabrin Bianchi. « Information security frameworks for assisting GDPR compliance in banking industry ». Digital Policy, Regulation and Governance 22, no 3 (11 août 2020) : 227–44. http://dx.doi.org/10.1108/dprg-02-2020-0019.
Texte intégralRésumé :
Purpose Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies. Especially in the Bank industry. How these ISF can assist the implementation of GDPR is not clear. Design/methodology/approach The design science research process was followed and semi-structured interviews performed. Findings A list of practices to assist the bank industry in GDPR implementation is provided. How each practice map with assessed ISF and GDPR requirements is also presented. Research limitations/implications As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews. Originality/value This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.
10
Harris, David, Susie Samuel et Edmunda Probert. « GDPR confusion ». Veterinary Record 183, no 12 (28 septembre 2018) : 388.1–388. http://dx.doi.org/10.1136/vr.k3956.
Texte intégral
11
Breitbarth, P. « GDPR Implementation Series ∙ Netherlands : The GDPR Implementation Act ». European Data Protection Law Review 4, no 3 (2018) : 360–65. http://dx.doi.org/10.21552/edpl/2018/3/15.
Texte intégral
12
Lisiak-Felicka, Dominika, et Maciej Szmit. « GDPR implementation in public administrationin Poland – 1.5 year after : An empirical analysis ». Journal of Economics and Management 43 (2021) : 1–21. http://dx.doi.org/10.22367/jem.2021.43.01.
Texte intégralRésumé :
Aim/purpose – The paper contains descriptive exploratory research on the implementa- tion of General Data Protection Requirements (GDPR) in a group of Polish public ad- ministration offices. The purpose of this research is to investigate the current state of personal data protection in the entities surveyed. Design/methodology/approach – The diagnostic survey method using the Computer Assisted Web Interview was employed. The survey was conducted in local government administration offices a year and a half after the GDPR implementation. Findings – All marshal offices and the majority of districts (about 80%) confirmed that they comply with all the GDPR requirements. The situation was slightly worse in munic- ipal offices – about 23% of them declared that they do not comply with all the GDPR requirements. In officials’ opinion this situation may be improved by conducting training for employees, employee engagement, and appropriate support of the office manage- ment. Another aspect that draws attention is a very small budget dedicated to the GDPR implementation and maintenance in most of the offices surveyed. Research implications/limitations – The limitation of the findings is the relatively low responsiveness of the questionnaire survey. Originality/value/contribution – The research concerns a relatively new subject. The state of personal data protection in public administration in Poland after 18 months of the GDPR implementation was analyzed. So far, there is no comprehensive research that has been conducted into this field in local government administration. Keywords: General Data Protection Regulation (GDPR), public administration, personal data, GDPR implementation, data protection breaches. JEL Classification: M15, H83, K24.
13
Cvik, Eva Daniela, Radka MacGregor Pelikánová et Michal Malý. « Selected Issues from the Dark Side of the General Data Protection Regulation ». Review of Economic Perspectives 18, no 4 (1 décembre 2018) : 387–407. http://dx.doi.org/10.2478/revecp-2018-0020.
Texte intégralRésumé :
Abstract The Regulation (EU) 2016/679 on the protection of personal data (GDPR) was enacted in 2016 and applies from 25thMay 2018 in the entire EU. The GDPR is a product of an ambitious reform and represents a direct penetration of the EU law into the legal systems of the EU member states. The EU works on the enhancement of awareness about the GDPR and points out its bright side. However, the GDPR has its dark side as well, which will inevitably have a negative impact. Hence, the goal of this paper is twofold - (i) to scientifically identify, forecast, and analyze selected problematic aspects of the GDPR and its implementation, in particular for Czech municipalities, and (ii) to propose recommendations about how to reduce, or even avoid, their negative impacts. These theoretic analyses are projected to a Czech case study focusing on municipalities, which offers fresh primary data and allows a further refining of the proposed recommendations. An integral part of the performed analyses is also a theoretic forecast of expenses linked to the GDPR, which municipalities will have to include in their mandatory expenses and mid-term prognostic expectations regarding the impact on the budgets of these municipalities from Central Bohemia. The GDPR, like Charon, is at the crossing, the capacity and knowledge regarding its application is critical for operating in the EU in 2018. It is time both to admit that the GDPR has its dark side and to present real and practical recommendations about how to mitigate it.
14
Diamantopoulou, Vasiliki, Aggeliki Tsohou et Maria Karyda. « From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls ». Information & ; Computer Security 28, no 4 (8 juin 2020) : 645–62. http://dx.doi.org/10.1108/ics-01-2020-0004.
Texte intégralRésumé :
Purpose This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet, data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations, can use this paper as a basis for extending the already existing security control modules towards data protection; and as guidance for reaching compliance with the regulation. Design/methodology/approach This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013. Findings The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere with the GDPR. Originality/value This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.
15
Dalrymple, H. W. « The general data protection regulation, the clinical trial regulation and some complex interplay in paediatric clinical trials ». European Journal of Pediatrics 180, no 5 (18 janvier 2021) : 1371–79. http://dx.doi.org/10.1007/s00431-021-03933-3.
Texte intégralRésumé :
AbstractAlthough a number of authors have commented upon the impact of the GDPR on clinical trial conduct, few have examined the specific setting of paediatric trials. Whilst the general principles are the same as those for adults, some additional considerations arise. The ages of consent relating to data privacy and clinical trial participation are different in a number of countries, but the distinction is often not recognised in non-drug trials. Accidental pregnancies in clinical trials always raise complexities, but these are amplified when the trial subject is a minor, and the processes described in clinical trial protocols rarely take account of GDPR requirements. This paper describes approaches which can be taken to ensure the rights of children are respected.Conclusion: The conduct of paediatric clinical trials within GDPR requirements is quite possible provided authors think carefully when drafting protocols. What is Known:•GDPR is applicable to clinical trials, including paediatric trials.•A number of challenges at the interface between the GDPR and CTR have been described. What is New:•The application of the GDPR to certain specific situations in paediatric trials does not appear to have been explored.•Three such situations are described and solutions offered.
16
Martínez, Francisco García. « Analysis of the US Privacy Model ». International Journal of Hyperconnectivity and the Internet of Things 3, no 1 (janvier 2019) : 43–52. http://dx.doi.org/10.4018/ijhiot.2019010103.
Texte intégralRésumé :
The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.
17
Bhaimia, Sahar. « The General Data Protection Regulation : the Next Generation of EU Data Protection ». Legal Information Management 18, no 1 (mars 2018) : 21–28. http://dx.doi.org/10.1017/s1472669618000051.
Texte intégralRésumé :
AbstractThis article, written by Sahar Bhaimia, presents an overview of the General Data Protection Regulation (EU) (2016/679) (GDPR) which will apply automatically across the EU on 25 May 2018. The GDPR is an update and reform of existing EU data protection law, first established by the Data Protection Directive (1995/46/EC). The article is for knowledge managers and information services professionals who may be asked to take on responsibility for GDPR, and focuses on the UK. It covers the fundamentals of EU data protection law, highlights key changes brought about by the GDPR, and provides practical tips and suggestions for knowledge managers.
18
Tsohou, Aggeliki, Emmanouil Magkos, Haralambos Mouratidis, George Chrysoloras, Luca Piras, Michalis Pavlidis, Julien Debussche, Marco Rotoloni et Beatriz Gallego-Nicasio Crespo. « Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform ». Information & ; Computer Security 28, no 4 (16 avril 2020) : 531–53. http://dx.doi.org/10.1108/ics-01-2020-0002.
Texte intégralRésumé :
Purpose General data protection regulation (GDPR) entered into force in May 2018 for enhancing personal data protection. Even though GDPR leads toward many advantages for the data subjects it turned out to be a significant challenge. Organizations need to implement long and complex changes to become GDPR compliant. Data subjects are empowered with new rights, which, however, they need to become aware of. GDPR compliance is a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of data governance for supporting GDPR (DEFeND) EU project is to deliver such a platform. The purpose of this paper is to describe the process, within the DEFeND EU project, for eliciting and analyzing requirements for such a complex platform. Design/methodology/approach The platform needs to satisfy legal and privacy requirements and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, the authors describe the methodology for eliciting and analyzing requirements for such a complex platform, by analyzing data attained by stakeholders from different sectors. Findings The findings provide the process for the DEFeND platform requirements’ elicitation and an indicative sample of those. The authors also describe the implementation of a secondary process for consolidating the elicited requirements into a consistent set of platform requirements. Practical implications The proposed software engineering methodology and data collection tools (i.e. questionnaires) are expected to have a significant impact for software engineers in academia and industry. Social implications It is reported repeatedly that data controllers face difficulties in complying with the GDPR. The study aims to offer mechanisms and tools that can assist organizations to comply with the GDPR, thus, offering a significant boost toward the European personal data protection objectives. Originality/value This is the first paper, according to the best of the authors’ knowledge, to provide software requirements for a GDPR compliance platform, including multiple perspectives.
19
Hofman, Darra, Victoria Louise Lemieux, Alysha Joo et Danielle Alves Batista. « “The margin between the edge of the world and infinite possibility” ». Records Management Journal 29, no 1/2 (11 mars 2019) : 240–57. http://dx.doi.org/10.1108/rmj-12-2018-0045.
Texte intégralRésumé :
Purpose This paper aims to explore a paradoxical situation, asking whether it is possible to reconcile the immutable ledger known as blockchain with the requirements of the General Data Protection Regulations (GDPR), and more broadly privacy and data protection. Design/methodology/approach This paper combines doctrinal legal research examining the GDPR’s application and scope with case studies examining blockchain solutions from an archival theoretic perspective to answer several questions, including: What risks are blockchain solutions said to impose (or mitigate) for organizations dealing with data that is subject to the GDPR? What are the relationships between the GDPR principles and the principles of archival theory? How can these two sets of principles be aligned within a particular blockchain solution? How can archival principles be applied to blockchain solutions so that they support GDPR compliance? Findings This work will offer an initial exploration of the strengths and weaknesses of blockchain solutions for GDPR compliant information governance. It will present the disjunctures between GDPR requirements and some current blockchain solution designs and implementations, as well as discussing how solutions may be designed and implemented to support compliance. Immutability of information recorded on a blockchain is a differentiating positive feature of blockchain technology from the perspective of trusted exchanges of value (e.g. cryptocurrencies) but potentially places organizations at risk of non-compliance with GDPR if personally identifiable information cannot be removed. This work will aid understanding of how blockchain solutions should be designed to ensure compliance with GDPR, which could have significant practical implications for organizations looking to leverage the strengths of blockchain technology to meet their needs and strategic goals. Research limitations/implications Some aspects of the social layer of blockchain solutions, such as law and business procedures, are also well understood. Much less well understood is the data layer, and how it serves as an interface between the social and the technical in a sociotechnical system like blockchain. In addition to a need for more research about the data/records layer of blockchains and compliance, there is a need for more information governance professionals who can provide input on this layer, both to their organizations and other stakeholders. Practical implications Managing personal data will continue to be one of the most challenging, fraught issues for information governance moving forward; given the fairly broad scope of the GDPR, many organizations, including those outside of the EU, will have to manage personal data in compliance with the GDPR. Blockchain technology could play an important role in ensuring organizations have easily auditable, tamper-resistant, tamper-evident records to meet broader organizational needs and to comply with the GDPR. Social implications Because the GDPR professes to be technology-neutral, understanding its application to novel technologies such as blockchain provides an important window into the broader context of compliance in evolving information governance spaces. Originality/value The specific question of how GDPR will apply to blockchain information governance solutions is almost entirely novel. It has significance to the design and implementation of blockchain solutions for recordkeeping. It also provides insight into how well “technology-neutral” laws and regulations actually work when confronted with novel technologies and applications. This research will build upon significant bodies of work in both law and archival science to further understand information governance and compliance as we are shifting into the new GDPR world.
20
Linden, Thomas, Rishabh Khandelwal, Hamza Harkous et Kassem Fawaz. « The Privacy Policy Landscape After the GDPR ». Proceedings on Privacy Enhancing Technologies 2020, no 1 (1 janvier 2020) : 47–64. http://dx.doi.org/10.2478/popets-2020-0004.
Texte intégralRésumé :
AbstractThe EU General Data Protection Regulation (GDPR) is one of the most demanding and comprehensive privacy regulations of all time. A year after it went into effect, we study its impact on the landscape of privacy policies online. We conduct the first longitudinal, in-depth, and at-scale assessment of privacy policies before and after the GDPR. We gauge the complete consumption cycle of these policies, from the first user impressions until the compliance assessment. We create a diverse corpus of two sets of 6,278 unique English-language privacy policies from inside and outside the EU, covering their pre-GDPR and the post-GDPR versions. The results of our tests and analyses suggest that the GDPR has been a catalyst for a major overhaul of the privacy policies inside and outside the EU. This overhaul of the policies, manifesting in extensive textual changes, especially for the EU-based websites, comes at mixed benefits to the users.While the privacy policies have become considerably longer, our user study with 470 participants on Amazon MTurk indicates a significant improvement in the visual representation of privacy policies from the users’ perspective for the EU websites. We further develop a new workflow for the automated assessment of requirements in privacy policies. Using this workflow, we show that privacy policies cover more data practices and are more consistent with seven compliance requirements post the GDPR. We also assess how transparent the organizations are with their privacy practices by performing specificity analysis. In this analysis, we find evidence for positive changes triggered by the GDPR, with the specificity level improving on average. Still, we find the landscape of privacy policies to be in a transitional phase; many policies still do not meet several key GDPR requirements or their improved coverage comes with reduced specificity.
21
Tauqeer, Amar, Anelia Kurteva, Tek Raj Chhetri, Albin Ahmeti et Anna Fensel. « Automated GDPR Contract Compliance Verification Using Knowledge Graphs ». Information 13, no 10 (24 septembre 2022) : 447. http://dx.doi.org/10.3390/info13100447.
Texte intégralRésumé :
In the past few years, the main research efforts regarding General Data Protection Regulation (GDPR)-compliant data sharing have been focused primarily on informed consent (one of the six GDPR lawful bases for data processing). In cases such as Business-to-Business (B2B) and Business-to-Consumer (B2C) data sharing, when consent might not be enough, many small and medium enterprises (SMEs) still depend on contracts—a GDPR basis that is often overlooked due to its complexity. The contract’s lifecycle comprises many stages (e.g., drafting, negotiation, and signing) that must be executed in compliance with GDPR. Despite the active research efforts on digital contracts, contract-based GDPR compliance and challenges such as contract interoperability have not been sufficiently elaborated on yet. Since knowledge graphs and ontologies provide interoperability and support knowledge discovery, we propose and develop a knowledge graph-based tool for GDPR contract compliance verification (CCV). It binds GDPR’s legal basis to data sharing contracts. In addition, we conducted a performance evaluation in terms of execution time and test cases to validate CCV’s correctness in determining the overhead and applicability of the proposed tool in smart city and insurance application scenarios. The evaluation results and the correctness of the CCV tool demonstrate the tool’s practicability for deployment in the real world with minimum overhead.
22
McDonagh, Maeve. « Putting the Fox in Charge ? Political Parties and the GDPR : An Irish Perspective ». European Public Law 26, Issue 2 (1 juin 2020) : 363–90. http://dx.doi.org/10.54648/euro2020048.
Texte intégralRésumé :
In the wake of Cambridge Analytica, the use of personal data by political parties has been subject to increased scrutiny. Given the specific policy challenges which such use poses, this article examines the conditions for the lawful processing of personal data under the General Data Protection Regulation (GDPR), as it applies to political parties. It identifies the extensive flexibilities afforded by the GDPR to Member States and argues that granular Member State analysis is required if the GDPR regime is to be meaningfully evaluated in this context. Using Ireland as a detailed case study and referencing the equivalent provisions of the UK Data Protection Act 2018 (DPA UK) for comparison, the article examines the different ways in which these Member States responded to the flexibility afforded by the GDPR. Based on this, the article argues that closer engagement with the issue of political parties by the European Data Protection Board is needed in order to provide a more fine-grained response which bridges the space between the ‘one size fits all’ approach in the GDPR and the wide-ranging discretion of the flexibilities afforded to Member States. GDPR, political parties, lawful processing, freedom of expression, public interest, European Data Protection Board
23
Islam, Md Toriqul, Mariyam Sahula et Mohammad Ershadul Karim. « UNDERSTANDING GDPR : ITS LEGAL IMPLICATIONS AND RELEVANCE TO SOUTH ASIAN PRIVACY REGIMES ». UUM Journal of Legal Studies 13, No.1 (31 janvier 2022) : 45–76. http://dx.doi.org/10.32890/uumjls2022.13.1.3.
Texte intégralRésumé :
Emerging as a buzzword, the General Data Protection Regulation (GDPR) has had immense implications on global data protection regimes. The GDPR appears as a worldwide standard for protecting personal data based on the omnibus legal substance, extensive extraterritorial scope, and influential market of the European Union (EU). It resulted in a global wave where countries are either adopting new legislation or modifying existing data privacy laws to comply with the GDPR. Historically, the South Asian region, abode to one-fifth of the world’s people, has strong trade and economic ties with Europe. As reflected in current bilateral or multilateral trade agreements, the EU tends to be one of the largest trading partners of most South Asian countries. Therefore, it is understandable that the EU’s norms, laws, policies, particularly the GDPR, would have far-reaching impacts on South Asian countries. However, the issue has not been yet evaluated in legal academic settings that require an analysis of GDPR’s overview and its impacts on South Asian privacy regimes. The findings of this doctrinal legal study, together with the sharing of a brief overview of the GDPR and South Asian privacy regimes, reiterate the influence of GDPR in this region. The findings of this research also have the prospects to enlighten the stakeholders in understanding the GDPR and its implications on global as well as South Asian privacy regimes. This article concludes with several suggestions and policy alternatives that policymakers can explore in South Asia and beyond in designing their potential personal data protection policy strategies.
24
Petroiu, M. « GDPR Implementation Series ∙ Romania : Overview of the GDPR Implementation ». European Data Protection Law Review 4, no 3 (2018) : 366–69. http://dx.doi.org/10.21552/edpl/2018/3/16.
Texte intégral
25
Freitas, Pedro Miguel. « The General Data Protection Regulation : an overview of the penalties’ provisions from a Portuguese standpoint ». UNIO – EU Law Journal 4, no 2 (30 août 2018) : 99–104. http://dx.doi.org/10.21814/unio.4.2.10.
Texte intégralRésumé :
The aim of this paper is to analyse the punitive regime foreseen in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). The administrative fines’ regime found in Article 83 of the GDPR and some of the questions it arises will be explored. We conclude that the Member States should adopt a critical stance when adapting their national legislation to the norms of the GDPR. The fundamental principles enshrined in national constitutions and supranational legal texts must be closely analysed and observed since the GDPR introduces a mandatory sanctions framework.
26
Costina, Loredana, et Adrian Corobană. « GDPR impact on the Romanian health clinics ». Proceedings of the International Conference on Business Excellence 15, no 1 (1 décembre 2021) : 908–16. http://dx.doi.org/10.2478/picbe-2021-0084.
Texte intégralRésumé :
Abstract The General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 came into effect on the 25 of May 2018 and changed the way both companies and consumers look at the importance of personal data. While the Regulation aimed to offer better protection of personal data, it also posed many challenges for the companies processing such data. A special category of personal data are the health data, considered sensitive data under the GDPR and subject to special conditions regarding the processing. Therefore, one of the main industries that was highly impacted by GDPR was the healthcare industry. The challenges that the industry faces, especially private small health clinics, are unique among the private companies. Starting from the legal provisions that the healthcare industry must comply to under GDPR, the article analysis the main mistakes that heal clinics make, the causes of such mistakes and the main challenges faced by health clinics, with the aim of offering possible solutions for a better application of the GDPR principles in the activity of health clinics for the benefit of both the healthcare industry and the patient.
27
Georgiopoulou, Zafeiroula, Eleni-Laskarina Makri et Costas Lambrinoudakis. « GDPR compliance : proposed technical and organizational measures for cloud provider ». Information & ; Computer Security 28, no 5 (8 juin 2020) : 665–80. http://dx.doi.org/10.1108/ics-01-2020-0009.
Texte intégralRésumé :
Purpose The purpose of this paper is to give a brief guidance on what a cloud provider should consider and what further actions to take to comply with General Data Protection Regulation (GDPR). Design/methodology/approach This paper presents in detail the requirements for GDPR compliance of cloud computing environments, presents the GDPR roles (data controller and data processor) in a cloud environment and discusses the applicability of GDPR compliance requirements for each cloud architecture (Infrastructure as a Service, Platform as a Service, Software as a Service), proposes countermeasures for satisfying the aforementioned requirements and demonstrates the applicability of the aforementioned requirements and countermeasures to a PaaS environment offering services for building, testing, deploying and managing applications through cloud managed data centers. The applicability of the method has been demonstrated on in a PaaS environment that offers services for building, testing, deploying and managing applications through cloud managed data centers. Findings The results of the proposed GDPR compliance measures for cloud providers highlight the effort and criticality required from cloud providers to achieve compliance. Originality/value
28
Hallinan, Dara, Franziska Boehm, Annika Külpmann et Malte Elson. « Information Provision for Informed Consent Procedures in Psychological Research Under the General Data Protection Regulation : A Practical Guide ». Advances in Methods and Practices in Psychological Science 6, no 1 (janvier 2023) : 251524592311519. http://dx.doi.org/10.1177/25152459231151944.
Texte intégralRésumé :
Psychological research often involves the collection and processing of personal data from human research participants. The European General Data Protection Regulation (GDPR) applies, as a rule, to psychological research conducted on personal data in the European Economic Area (EEA)—and even, in certain cases, to psychological research conducted on personal data outside the EEA. The GDPR elaborates requirements concerning the forms of information that should be communicated to research participants whenever personal data are collected directly from them. There is a general norm that informed consent should be obtained before psychological research involving the collection of personal data directly from research participants is conducted. The information required to be provided under the GDPR is normally communicated in the context of an informed consent procedure. There is reason to believe, however, that the information required by the GDPR may not always be provided. Our aim in this tutorial is thus to provide general practical guidance to psychological researchers allowing them to understand the forms of information that must be provided to research participants under the GDPR in informed consent procedures.
29
URZICEANU, RAMONA-MIHAELA, et VALENTINA-SIMONA PAŞCALĂU. « DIGITAL MARKETING REGULATIONS ». Agora International Journal of Juridical Sciences 13, no 1 (29 octobre 2019) : 25–30. http://dx.doi.org/10.15837/aijjs.v13i1.3729.
Texte intégralRésumé :
The General Data Protection Regulation (GDPR) is a European law which grants rights regarding an individual’s personal data. Having been adopted in April 2016, its enforcement became effective as of 25th May 2018.This article aims to highlight who should do this, what exactly they should do and how to do it. Learn about the scope of GDPR in digital marketing, the definition of a personal data breach, the rights of data subjects, incident response under GDPR and more.
30
Cambronero, M. Emilia, Miguel A. Martínez, José Luis de la Vara, David Cebrián et Valentín Valero. « GDPRValidator : a tool to enable companies using cloud services to be GDPR compliant ». PeerJ Computer Science 8 (1 décembre 2022) : e1171. http://dx.doi.org/10.7717/peerj-cs.1171.
Texte intégralRésumé :
This article presents a tool called GDPRValidator that aims to assist small and medium-sized enterprises (SMEs) that have migrated their services, or a part of them, to the cloud to be General Data Protection Regulation (GDPR) compliant when they manage and store employees’ or customers’ data in the cloud. As these companies have a limited budget to hire legal experts to guide them in complying with GDPR, the main objective of this tool is to help SMEs to be more competitive by saving a considerable amount of money. By using GDPRValidator, these companies can learn and begin the GDPR compliance process by themselves and decide whether it will be necessary to hire GDPR legal experts in the end. GDPRValidator implements a process that aids companies in compliance analysis and validation and generates a series of documents with recommendations. These documents do not guarantee full GDPR compliance, but they can help the company better understand the regulation and improve its data management strategies. In order to validate the efficiency and efficacy of the tool, two SMEs have used it and provided feedback about its perceived ease of use and its perceived usefulness for understanding and complying with GDPR. The results of the validation showed that, for both companies, the degree of perceived usefulness and ease of use of GDPRValidator is quite good. All the scores expressed agreement.
31
Gal, Michal S., et Oshrit Aviv. « The Competitive Effects of the GDPR ». Journal of Competition Law & ; Economics 16, no 3 (18 mai 2020) : 349–91. http://dx.doi.org/10.1093/joclec/nhaa012.
Texte intégralRésumé :
Abstract The GDPR is the Magna Carta of data protection, the importance of which cannot be overstated. Yet, as this article shows, the price of data protection through the GDPR is much higher than previously recognized. The GDPR creates two main harmful effects on competition and innovation: it limits competition in data markets, creating more concentrated market structures and entrenching the market power of those who are already strong; and it limits data sharing between different data collectors, thereby preventing the realization of some data synergies which may lead to better data-based knowledge. To illustrate its claims, the article analyzes the competitive dynamics created by the GDPR, focusing on how it affects the options available to firms for amassing the data necessary for their operations, and their resultant ability to realize economies of scale and scope in data analysis. It identifies seven main parallel and cumulative market dynamics that may limit data collection and data sharing, only some of which have been recognized so far. As shown, under some market conditions, the GDPR has unintended and so far unrecognized effects on competition, efficiency, innovation, and the resultant welfare. The dynamics identified in this article offer partial explanations for some of the troubling empirical evidence regarding investment in EU data-driven markets following the adoption of the GDPR. Furthermore, the analysis enables us to identify which effects are short-term and which are here to stay. The effects on competition and innovation identified may justify a reevaluation of the balance reached to ensure that overall welfare is increased. The article suggests some means of reducing harmful competitive effects, while still protecting the vital goal of privacy, including reaching a better balance between data protection and competition law, reducing uncertainty in the GDPR, creating certification mechanisms for GDPR compliance, and structuring of mandatory data-sharing obligations under other laws in a way, which is sensitive to the dynamics of data markets.
32
Penić, Sanja, et Kristian Saletović. « Okvir za uvođenje i provjeru GDPR-a u malim i srednje velikim poduzećima ». Obrazovanje za poduzetništvo - E4E 11, no 1 (14 juin 2021) : 67–81. http://dx.doi.org/10.38190/ope.11.1.6.
Texte intégralRésumé :
Opća uredba o zaštiti osobnih podataka (Uredba (EU) 2016/697 poznata kao GDPR) počela se primjenjivati u svibnju 2018. godine te je imala znatan utjecaj na organizaciju poslovnih procesa u poduzećima. Posebno su to osjetila mala i srednje velika poduzeća za koje GDPR predstavlja dodatno opterećenje zbog ionako ograničenih resursa. Okvir za implementaciju i reviziju prethodno implementiranih zahtjeva definiranih GDPR-om predstavljen u ovom radu rezultat je informacija iz znanstvene literature i spoznaja dobivenih revizijom već implementirane Uredbe u dva mala poduzeća. Cilj je ovog rada je doprinijeti razumijevanju poteškoća s kojim se suočavaju mala i srednje velika poduzeća pri implementaciji GDPR-a. U radu je korištena studije slučaja. Dobiveni rezultati pokazali su da, iako je prošlo već dvije godine od prve implementacije, još postoji nerazumijevanje terminologije i obaveza u smislu svakodnevne primjene.
33
Al-Fayad, Fadye Saud. « The European Union’s GDPR and Its Effect on Data-Driven Marketing Strategies ». International Journal of Marketing Studies 12, no 1 (24 février 2020) : 39. http://dx.doi.org/10.5539/ijms.v12n1p39.
Texte intégralRésumé :
This research paper analyzes the developing effect that the European Union’s (EU) recently developed General Data Protection Regulation (GDPR) will have on the marketing strategies of firms that rely on big data. Big data is identified as consisting of data and data analytics involving a huge volume of data, a diverse variety of data, and a high velocity of data capture and collection. This analysis begins with some discussion of the concept of big data and follows this up with overviews of both the GDPR and big data use in the marketplace. The EU replaced its older Data Protection Directive or DPD with the GDPR. The GDPR consists of a series of chapters and articles that require, among other things, consent to collect and store data, the anonymization of data, announcement in 72 hours of a data breach, provision of encryption and the identification of a Data Protection Officer. Marketing and the marketing function can implement emergent technologies that augment big data and its analysis while simultaneously achieving compliance with regulatory frameworks like the GDPR. These marketing related solutions are those such as blockchain marketing applications like Brave Browser and Blockstack among others. The report also examines the way in which enterprises use big data in their marketing strategies and how they are affected by it now that it has come into effect. Some of the more marketing-oriented uses and applications of big data are found in sophisticated loyalty programs, demand forecasting and customization either of experience or product/service. This study also offers some final recommendations related to GDPR compliant marketing strategies. These include the development of a comprehensive program to purchase consumer data directly from consumers and the introduction of blockchain as a means to facilitate a smoother transition to GDPR compliance.
34
Lach, Daniel Eryk. « Przetwarzanie i ochrona danych dotyczących zdrowia przez organizatora systemu opieki zdrowotnej ». Studia Prawa Publicznego, no 3 (31) (15 octobre 2020) : 53–72. http://dx.doi.org/10.14746/spp.2020.3.31.3.
Texte intégralRésumé :
The protection of individuals regarding to the processing of personal data is one of the fundamental rights. The General Data Protection Regulation (GDPR) lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. Data concerning health is one of the areas the GDPR defines as special personal data, the so-called sensitive data. With regard to these data, the GDPR allows their processing only on an exceptional basis, in certain situations. According to Art. 6 sec. 1 let. e GDPR and art. 9 sec. 2 let. b GDPR, data processing is allowed, inter alia, when such processing is necessary for the purposes of meeting the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law. In turn, Art. 9 sec. 2 let. h GDPR permits the processing of health data that is necessary for the purposes of providing health or social care or treatment, or for managing health or social care systems and services on the basis of European Union or Member State law. The article discusses the national legal regulations regarding the collection and processing of personal data concerning health in the light of the organization of the health care system and the tasks of the National Health Fund (NFZ) as a placeholder, whose task is only to manage financial resources and conclude health care contracts on its own behalf with independent healthcare providers and their accounting. Against the background of the GDPR, the author discusses the provisions of the acts on health care services financed from public funds and on the information system in health care. Finally, specific regulation regarding the COVID-19 pandemic are presented.
35
Gunst, Simon, et Ferdi De Ville. « The Brussels Effect : How the GDPR Conquered Silicon Valley ». European Foreign Affairs Review 26, Issue 3 (1 octobre 2021) : 437–58. http://dx.doi.org/10.54648/eerr2021036.
Texte intégralRésumé :
In 2018, the Californian government adopted a new data protection framework. The flagship of this framework is the California Consumer Privacy Act (CCPA). As this new framework is widely considered to resemble the European Union’s (EU’s) General Data Protection Regulation (GDPR), this article intends to investigate whether the Brussels Effect could explain this resemblance. We apply process-tracing to test if the Brussels Effect causally connects the GDPR with the CCPA. The analysis is based on a careful evaluation of three sets of evidence. Firstly, privacy policies of Apple, Facebook, and Google are examined. Secondly, lobbying concerning the alignment of the implementation of the CCPA with the GDPR is scrutinized. Lastly, it is investigated whether the Californian government has used arguments linked to the Brussels Effect while drafting the CCPA and its subsequent implementing regulations. It is concluded that the Brussels Effect has indeed played a role in the adoption of the CCPA. Nevertheless, it has become clear that the impact of the Effect varies depending on exactly which provision of the GDPR is examined. Brussels Effect, process-tracing, California, CCPA, European Union, GDPR, Data Protection, Lobbying, Big Tech
36
Presthus, Wanda, et Hanne Sørum. « Consumer perspectives on information privacy following the implementation of the GDPR ». International Journal of Information Systems and Project Management 7, no 3 (27 octobre 2021) : 19–34. http://dx.doi.org/10.12821/ijispm070302.
Texte intégralRésumé :
The General Data Protection Regulation (GDPR) was implemented in the European Union and European Economic Area in May 2018. The GDPR aims to strengthen consumers’ rights to data privacy in the wake of technological developments like big data and artificial intelligence. This was a hot topic for stakeholders, such as lawyers, companies and consumers, prior to the GDPR’s implementation. This paper investigates to what extent consumers are concerned about information privacy issues following the implementation of the GDPR. We present findings from an online survey conducted during spring 2019 among 327 Norwegian consumers, as well as findings from a survey conducted immediately prior to the implementation of the GDPR in spring 2018. We draw the following conclusions: (1) consumers gained significant knowledge about their information privacy from the GDPR, but felt relatively little need to execute their enhanced rights; (2) about 50% of respondents believed themselves to have control over their data, while almost 40% stated that they had no control about their personal data; and (3) consumers largely trusted companies to manage their personal data. These insights are of interest to both academia and to industries that deal with personal data.
37
Almeida Teixeira, Gonçalo, Miguel Mira da Silva et Ruben Pereira. « The critical success factors of GDPR implementation : a systematic literature review ». Digital Policy, Regulation and Governance 21, no 4 (10 juin 2019) : 402–18. http://dx.doi.org/10.1108/dprg-01-2019-0007.
Texte intégralRésumé :
Purpose The digital paradigm people live in today, which drastically increased the consumption of data, is a threat to their privacy. To create a high level of privacy protection for its citizens, the European Union proposed the General Data Protection Regulation (GDPR), which introduces obligations for organizations regarding the storing, processing, collecting and disclosing of data. This paper aims to identify the critical success factors of GDPR implementation. Design/methodology/approach A systematic literature review was conducted by following a strict review protocol, where 32 documents were found relevant to perform the review and to answer to the proposed research questions. Findings The critical success factors of GDPR implementation were identified, including barriers and enablers. Furthermore, benefits of complying with GDPR were identified. Research limitations/implications As GDPR is a relatively recent subject, there are still few scientific papers about it. Therefore, the authors were unable to neither identify nor present a robust conclusion regarding specific topics, such as practical outcomes. Originality/value On the basis of the literature, the identified critical success factors may be useful for organizations as these can be better prepared to achieve compliance by prioritizing the enablers and avoiding the barriers.
38
Andreisová, Lucie. « Analysis of the Impact of the GDPR on Third-Party Risk Management Programs and Related Recommendations for Domestic as Well as International Corporate World ». Business and Management Studies 6, no 1 (10 janvier 2020) : 1. http://dx.doi.org/10.11114/bms.v6i1.4683.
Texte intégralRésumé :
The General Data Protection Regulation (hereinafter also the “GDPR”) has imposed several new rules on organisations (business companies) to protect EU individuals’ personal data. Organisations that are data controllers or data processors need to have assurance that their third-party suppliers/vendors as well as sub-contractors comply with applicable GDPR requirements – in other words, they are now responsible for personal data managed by their third-parties. The question however remains, whether and how they are ready to manage this in their business practice? Compliance with the above indicated GDPR requirements comprises of a specific methodical approach that should be carefully integrated into the existing third-party risk management programs. The success of this integration builds on several crucial considerations. Before weighing those, it is important to understand how GDPR (Article 28 in particular) places new requirements on suppliers/vendors and affects the overall third-party relationships. Considering the above, this paper discusses the specific GDPR requirements which were enacted to strengthen companies’ third-party risk management processes and includes a set of practical recommendations on how to establish/amend such programs in the corporate world.
39
Puljak, Livia, Anamarija Mladinić, Ron Iphofen et Zvonimir Koporc. « Before and after enforcement of GDPR ». Biochemia medica 30, no 3 (12 octobre 2020) : 363–70. http://dx.doi.org/10.11613/bm.2020.030201.
Texte intégralRésumé :
Introduction The European Union’s (EU) General Data Protection Regulation (GDPR) was put in force on 25th May 2018. It is not known how many personal data protection requests the national authority in Croatia had received before and after GDPR, and how many of those were related to research. Materials and methods We obtained data from the Croatian Personal Data Protection Agency (CPDPA) about requests/complaints related to personal data protection that were received specifically from academic/research institutions, specifically the number and type of all cases/requests between the years 2015-2019. Results In 2018, CPDPA had a dramatic increase in the number of requests in the post-GDPR period, compared to the pre-GDPR period of the same year. In 2019, CPDPA received 2718 requests/complaints; less than in the year 2018. From 2015 to 2019, CPDPA received only 37 requests related to research. Conclusions Very few requests about personal data protection from academic and research institutions in Croatia were submitted to the national Croatian data protection authority. Future studies could explore whether researchers have sufficient awareness and knowledge about personal data protection related to research, to adequately implement the GDPR regulations.
40
Węgrzyn, Justyna. « Granting of Consent by a Child for the Processing of Their Personal Data Within the Framework of Information Society Services ». Przegląd Prawa Konstytucyjnego 67, no 3 (30 juin 2022) : 363–72. http://dx.doi.org/10.15804/ppk.2022.03.27.
Texte intégralRésumé :
For a long time, it has been observed that services available in the virtual world, such as social networks, gaming platforms, music streaming services, have attracted the interest of internet users of different ages. They include children, who require special protection as relates to the processing of their personal data. These issues have been addressed by the EU legislator in Art. 8 of GDPR2. The purpose of this paper is to analyze the solutions adopted in Article 8 GDPR and to assess their application in practice.
41
Żołyński, Janusz. « RODO jako ustawowe źródło prawa pracy w rozumieniu art. 9 k.p. » Studia z zakresu Prawa Pracy i Polityki Społecznej 27, no 4 (2020) : 231–49. http://dx.doi.org/10.4467/25444654spp.20.022.12609.
Texte intégralRésumé :
GDPR as statutory source of labour law within the meaning of Art. 9 of the Labour Code This study shows that certain EU regulations, like GDPR which was directly implemented into the Polish legal system, are to be considered the source of labour law. Therefore, the collective agreements concluded on their basis must be considered the “peculiar” source of labour law. As a consequence, the collective agreements concluded on the basis of GDPR become the source of labour law in force in Poland, and thus are normative in nature.
42
Shastri, Supreeth, Melissa Wasserman et Vijay Chidambaram. « GDPR anti-patterns ». Communications of the ACM 64, no 2 (25 janvier 2021) : 59–65. http://dx.doi.org/10.1145/3378061.
Texte intégral
43
Sørebø, Øystein, Jan Ivar Fredriksen, Fatbardh Simnica et Håkon Marcos Jøntvedt Mollestad. « EUs personvernforordning (GDPR) ». Praktisk økonomi & ; finans 36, no 03 (1 octobre 2020) : 240–56. http://dx.doi.org/10.18261/issn.1504-2871-2020-03-07.
Texte intégral
44
Shemtob, Lara. « GPDPR versus GDPR ». British Journal of General Practice 71, no 710 (26 août 2021) : 419. http://dx.doi.org/10.3399/bjgp21x717005.
Texte intégral
45
Martland, Rebecca. « GDPR : Individual rights ». Child Care 15, no 5 (2 mai 2018) : 2–3. http://dx.doi.org/10.12968/chca.2018.15.5.2.
Texte intégral
46
Ciliberti, D. « GDPR Implementation Series ∙ Malta : An Overview of the GDPR Implementation ». European Data Protection Law Review 6, no 4 (2020) : 580–85. http://dx.doi.org/10.21552/edpl/2020/4/15.
Texte intégral
47
Celeste, Edoardo, et Giovanni De Gregorio. « Digital Humanism : The Constitutional Message of the GDPR ». Global Privacy Law Review 3, Issue 1 (1 février 2022) : 4–18. http://dx.doi.org/10.54648/gplr2022002.
Texte intégralRésumé :
This article aims to analyse the constitutional message of the General Data Protection Regulation (GDPR) in the age of artificial intelligence. Although the GDPR does not formally have any constitutional character, it can be said to play a para-constitutional role from a functional point of view: it translates and implements core constitutional principles in the context of the algorithmic society. This article traces the legislative origin of the GDPR’s framework on automated decision-making showing that it aims to enhance a series of key constitutional values, preserving human autonomy, increasing legal certainty, and providing procedural safeguards. The article finally highlights how the GDPR is promoting a constitutional message deeply rooted in a new form of ‘digital humanism’: a conception of the digital society where the human being and her dignity should resolutely outrank machines, technology and, ultimately, economic efficiency. artificial intelligence, GDPR, digital humanism, rule of law, human dignity, constitutionalism
48
Pichler, Davorin. « Građansko-pravni aspekti opće Uredbe o zaštiti osobnih podataka (GDPR) u provođenju ljekarničke prakse ». Zbornik radova Pravnog fakulteta u Splitu 58, no 2 (7 mai 2021) : 657–73. http://dx.doi.org/10.31141/zrpfs.2021.58.140.657.
Texte intégralRésumé :
Od samog stupanja na snagu, mogao se steći dojam da adresati dočekuju primjenu GDPR-a nepripremljeni. U radu će se istaknuti određeni problemi koji su se pojavili u usklađivanju ljekarničke prakse sa zahtjevima iz GDPR-a. Odredbe GDPR-a koje se odnose na pretpostavke valjanosti privole za obradu osobnih podataka korespondiraju sa zahtjevima za valjanost obaviještenog pristanka u suvremenim pravnim porecima. Ako se privola za upis osobnih podataka u bazu podataka vrši elektroničkim putem, treba istaknuti da istu vrijednost kao vlastoručan potpis ima samo kvalificirani elektronički potpis. Odredbe u GDPR-u koje se odnose na odgovornost za štetu, ukazuju da se odgovornost osoba uključenih u obradu osobnih podataka (voditelj i izvršitelj obrade) procjenjuje temeljem pravila o subjektivnoj odgovornosti. Postavlja se i pitanje je li podnošenje pritužbe nadzornom tijelu, odnosno nerješavanje nadležnog tijela po pritužbi, procesna pretpostavka za pokretanje postupka za naknadu štete pred nadležnim sudom.
49
Zhang, Yibo, Tawei Wang et Carol Hsu. « The effects of voluntary GDPR adoption and the readability of privacy statements on customers’ information disclosure intention and trust ». Journal of Intellectual Capital 21, no 2 (20 novembre 2019) : 145–63. http://dx.doi.org/10.1108/jic-05-2019-0113.
Texte intégralRésumé :
Purpose The purpose of this paper is to examine the impacts of companies’ voluntary adoption of the General Data Protection Regulation (GDPR) as well as the readability of privacy statements on US customers’ intention to disclose information and their trust in a company. Design/methodology/approach Building on the construal level theory and psychological distance, the authors conduct a 2 × 2 + 2 between-participants experiment with 255 participants. Findings The findings show that a company’s voluntary adoption of the GDPR has positive effects on customers’ intention to disclose information to and their trust in that company. In addition, the effects of GDPR adoption are stronger when the adopting company’s privacy statements possess a higher level of readability. Originality/value The authors believe this study poses policy implications for the outcomes of GDPR adoption and the recent debate on both a stricter data breach and privacy regulation.
50
Jung, Sung-Soo, Sang-Joon Lee et Ieck-Chae Euom. « Delegation-Based Personal Data Processing Request Notarization Framework for GDPR Based on Private Blockchain ». Applied Sciences 11, no 22 (10 novembre 2021) : 10574. http://dx.doi.org/10.3390/app112210574.
Texte intégralRésumé :
With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the general data protection regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable its utilization as a GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process of personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hypderledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results with comparisons among the related works indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing request than extant methods.