The GDPR at the Organizational Level: A Comparative Study of Eight European Countries

DSpace Repository

Show simple item record Zanker, Marek Bureš, Vladimír Cierniak-Emerych, Anna Nehéz, Martin
dc.contributor.other Ekonomická fakulta cs 2021-06-04T08:54:58Z 2021-06-04T08:54:58Z
dc.identifier.issn 1212-3609
dc.description.abstract The General Data Protection Regulation, also known as the ‘gold standard’ or the ‘Magna Carta’ of cyber laws, is a European regulation that deals with rights in the area of privacy and focuses on data collection, storage and data processing. This manuscript presents the results of investigation in the business sphere from eight countries of the European Union. The research focused on awareness of the GDPR, costs associated with the GDPR, number of trainings, how data are secured and subjective evaluation. The questionnaire was used for data collection. The results show that the majority of employees concerned about the GDPR are able to define the GDPR correctly (64%). The correct identification of personal data is in 95% of cases. The vast majority of respondents (94%) assign the right to personal data protection to the GDPR. Most employees are trained in the GDPR once (46%) or twice (45%). Subsequently, the differences between these countries in some areas of the questionnaire survey were examined. For this purpose, Welch ANOVA with post-test Tukey HSD or Kruskal-Wallis test were used. As a result, knowledge about the personal data do not vary significantly between the countries. In the area of rights, the countries are not again statistically different. As for the number of security countries, statistics do not differ significantly. The subjective assessment of the GDPR is different across the countries. The GDPR is rated worst by companies in the Czech Republic and Slovakia. On the contrary, the GDPR is best perceived by companies in France and the United Kingdom. en
dc.format text
dc.language.iso en
dc.publisher Technická Univerzita v Liberci cs
dc.publisher Technical university of Liberec, Czech Republic en
dc.relation.ispartof Ekonomie a Management cs
dc.relation.ispartof Economics and Management en
dc.relation.isbasedon Abdulghani, H. A., Nijdam, N. A., Collen, A., & Konstantas, D. (2019). A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective. Symmetry, 11(6), 774.
dc.relation.isbasedon Andrew, J., & Baker, M. (2019). The General Data Protection Regulation in the Age of Surveillance Capitalism. Journal of Business Ethics, 168(3), 1–14.
dc.relation.isbasedon Bach, R. L., Kern, C., Amaya, A., Keusch, F., Kreuter, F., Hecht, J., & Heinemann, J. (2019). Predicting Voting Behavior Using Digital Trace Data. Social Science Computer Review.
dc.relation.isbasedon Botta, M., & Wiedemann, K. (2019). The Interaction of EU Competition, Consumer, and Data Protection Law in the Digital Economy: The Regulatory Dilemma in the Facebook Odyssey. The Antitrust Bulletin, 64(3), 428–446.
dc.relation.isbasedon Bovenberg, J., Peloquin, D., Bierer, B., Barnes, M., & Knoppers, B. M. (2020). How to fix the GDPR’s frustration of global biomedical research: Sharing of data for research beyond the EU must improve. Science, 370(6512), 40–42.
dc.relation.isbasedon Breen, S., Ouazzane, K., & Patel, P. (2020). GDPR: Is your consent valid? Business Information Review, 37(1), 19–24.
dc.relation.isbasedon Brodin, M. (2019). A Framework for GDPR Compliance for Small- and Medium-Sized Enterprises. European Journal for Security Research, 4(2), 243–264.
dc.relation.isbasedon Bureš, V., Jašíková, V., Otčenášková, T., Kolerová, K., Zubr, V., & Marešová, P. (2012). A Comprehensive View on Evaluation of Cluster Initiatives. In J. Politis (Ed.), Proceedings of the 8th European Conference on Management Leadership and Governance (ECMLG). (pp. 74–79). Pafos, Cyprus. Reading: Academic Conferences International.
dc.relation.isbasedon Cisco. (2019, February 11). Požadavky GDPR dnes splňuje 59 % podniků, odhaluje průzkum Cisco [The Cisco research reveals: The GDPR requirements are met in 59% of companies only].
dc.relation.isbasedon Czech News Agency & (2019, July 12). Rekordní pokuta. Facebook zaplatí pět miliard dolarů za porušení soukromí [Record fine. Facebook will pay $ 5 billion for privacy violations].
dc.relation.isbasedon De Hert, P., Papakonstantinou, V., Malgieri, G., Beslay, L., & Sanchez, I. (2018). The right to data portability in the GDPR: Towards user-centric interoperability of digital services. Computer Law & Security Review, 34(2), 193–203.
dc.relation.isbasedon Donnelly, M., & McDonagh, M. (2019). Health Research, Consent and the GDPR Exemption. European Journal of Health Law, 26(2), 97–119.
dc.relation.isbasedon Duncan, B., & Zhao, Y. (2018). Risk Management for Cloud Compliance with the EU General Data Protection Regulation. In 2018 International Conference on High Performance Computing Simulation (HPCS), Orleans, France (pp. 664–671).
dc.relation.isbasedon Eckert, N. (2019, April 30). What Are the Real Costs of GDPR Compliance? GDPR.365.
dc.relation.isbasedon European Commission. (2018). The GDPR: New opportunities, new obligations: what every business needs to know about the EU General Data Protection Regulation (Report). Luxembourg: Publications Office of the European Union. Retrieved from
dc.relation.isbasedon European Commission. (2019). What does the General Data Protection Regulation (GDPR) govern?
dc.relation.isbasedon European Commission. (2020a). EU data protection rules.
dc.relation.isbasedon European Commission. (2020b). White Paper on Artificial Intelligence a European approach to excellence and trust (Report). Brussels: European Commission. Retrieved from
dc.relation.isbasedon European Union. (2016). Regulation (EU) 2016/679 of The European Parliament and of the Council. Official Journal of the European Union. Retrieved from
dc.relation.isbasedon Gal, M. S., & Aviv, O. (2020). The Competitive Effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349–391.
dc.relation.isbasedon (2019a). Data anonymization and GDPR compliance: The case of Taxa 4×35.
dc.relation.isbasedon (2019b). GDPR checklist for data controllers.
dc.relation.isbasedon (2019c). GDPR-compliant services for businesses.
dc.relation.isbasedon (2019d, May). GDPR Small Business Survey: Insights from European small business leaders one year into the General Data Protection Regulation (Report). Brussels: Retrieved from
dc.relation.isbasedon Gideon, L. (Ed.). (2012). Handbook of Survey Methodology for the Sciences. New York, NY: Springer-Verlag.
dc.relation.isbasedon Gregory Voss, W., & Houser, K. A. (2019). Personal Data and the GDPR: Providing a Competitive Advantage for U.S. Companies. American Business Law Journal, 56(2), 287–344.
dc.relation.isbasedon Härting, R. C., Kaim, R., & Ruch, D. (2020). Impacts of the Implementation of the General Data Protection Regulations (GDPR) in SME Business Models – An Empirical Study with a Quantitative Design. In G. Jezic, J. Chen-Burger, M. Kusek, R. Sperka, R. Howlett, & L. Jain (Eds.), Agents and Multi-Agent Systems: Technologies and Applications 2020: Smart Innovation, Systems and Technologies (Vol. 186, pp. 295–303). Singapore: Springer.
dc.relation.isbasedon IBM. (2020). SPSS Statistics – Overview.
dc.relation.isbasedon IT Governance Privacy Team. (2020). EU General Data Protection Regulation (GDPR) – An implementation and compliance guide (4th ed.). Ely: IT Governance Publishing.
dc.relation.isbasedon Kasse, J. P., Xu, L., deVrieze, P., & Bai, Y. (2018). The Need for Compliance Verification in Collaborative Business Processes. In L. Camarinha-Matos, H. Afsarmanesh, & Y. Rezgui (Eds.), Collaborative Networks of Cognitive Systems. PRO-VE 2018. IFIP Advances in Information and Communication Technology (Vol. 534, pp. 217–229). Cham: Springer.
dc.relation.isbasedon Korpisaari, P. (2019). GDPR Implementation Series ∙ Finland: A Brief Overview of the GDPR Implementation. European Data Protection Law Review, 5(2), 232–237.
dc.relation.isbasedon Lachaud, E. (2020). What GDPR tells about certification. Computer Law and Security Review, 38, 105457.
dc.relation.isbasedon Li, H., Yu, L., & He, W. (2019). The Impact of GDPR on Global Technology Development. Journal of Global Information Technology Management, 22(1), 1–6.
dc.relation.isbasedon Luxatia International. (2019). GDPR Statistics from the First Year (Infographic).
dc.relation.isbasedon Malgieri, G. (2019). Automated decision-making in the EU Member States: The right to explanation and other “suitable safeguards” in the national legislations. Computer Law & Security Review, 35(5), 105327.
dc.relation.isbasedon Marelli, L., Lievevrouw, E., & Van Hoyweghen, I. (2020). Fit for purpose? The GDPR and the governance of European digital health. Policy Studies, 41(5), 447–467.
dc.relation.isbasedon Meijering, L., Osborne, T., Hoorn, E., & Montagner, C. (2020). How the GDPR can contribute to improving geographical research. Geoforum, 117, 291–295.
dc.relation.isbasedon Mikulecký, P., Olševičová, K., Bureš, V., & Mls, K. (2011). Possibilities of Ambient Intelligence and Smart Environments in Educational Institutions. In N. Y. Chong, & F. Matrogiovanni (Eds.), Handbook of Research on Ambient Intelligence and Smart Environments: Trends and Perspectives (pp. 620–639). Hersey, PA: IGI Global.
dc.relation.isbasedon Mitrou, L. (2020). GDPR implementation series: Greece: The new data protection framework. European Data Protection Law Review, 6(1), 107–113.
dc.relation.isbasedon National Cyber and Information Security Agency. (2019a, June 21). České energetické firmy čelily cvičným kybernetickým útokům [Czech energy companies faced training cyber attacks].
dc.relation.isbasedon National Cyber and Information Security Agency. (2019b). GDPR (obecné nařízení) [GDPR: General Regulation].
dc.relation.isbasedon O’Brien, R. (2016). Privacy and security: The new European data protection regulation and it’s data breach notification requirements. Business Information Review, 33(2), 81–84.
dc.relation.isbasedon Peloquin, D., DiMaio, M., Bierer, B., & Barnes, M. (2020). Disruptive and avoidable: GDPR challenges to secondary research uses of data. European Journal of Human Genetics, 28(6), 697–705.
dc.relation.isbasedon Presthus, W., & Sørum, H. (2018). Are Consumers Concerned About Privacy? An Online Survey Emphasizing the General Data Protection Regulation. Computer Science Procedure, 138, 603–611.
dc.relation.isbasedon Puljak, L., Mladinić, A., Iphofen, R., & Koporc, Z. (2020). Before and after enforcement of GDPR: Personal data protection requests received by Croatian Personal Data Protection Agency from academic and research institutions. Biochemia Medica, 30(3), 030201.
dc.relation.isbasedon Radley-Gardner, O., Beale, H., & Zimmermann, R. (Eds.). (2016). Fundamental Texts on European Private Law. Oxford: Hart Publishing.
dc.relation.isbasedon Sajfert, J. (2020). Croatia: Minimum Service for the Implementation, Big Service to the Public Sector. European Data Protection Law Review, 6(2), 281–288.
dc.relation.isbasedon Sobers, R. (2020, June 17). A Year in the Life of the GDPR: Must-Know Stats and Takeaways. Varonis.
dc.relation.isbasedon Sørum, H., & Presthus, W. (2020). Dude, where’s my data? The GDPR in practice, from a consumer’s point of view. Information Technology & People, (ahead-of-print).
dc.relation.isbasedon SPSS. (2020). SPSS One-Way ANOVA Tutorial.
dc.relation.isbasedon Svobodová, L., & Hedvičkáková, M. (2015). Doing Business in the Countries of Visegrad Group. Procedia Economics and Finance, 34, 453–460.
dc.relation.isbasedon Tahal, R., & Formánek, T. (2020). Reflection of GDPR by the Czech Population. Management and Marketing. Challenges for the Knowledge Society, 15(1), 78–94.
dc.relation.isbasedon Tambou, O. (2019). France ∙ Lessons from the First Post-GDPR Fines of the CNIL against Google LLC. European Data Protection Law Review, 5(1), 80–84.
dc.relation.isbasedon Tatar, U., Gokce, Y., & Nussbaum, B. (2020). Law versus technology: Blockchain, GDPR, and tough tradeoffs. Computer Law and Security Review, 38, 105454.
dc.relation.isbasedon Tchinaryan, E. O., Lavrentieva, M. S., Kuchenin, E. S., & Neznamova, A. A. (2019). Digital Technologies of the European Union in Personal Data Protection. International Journal of Innovative Technology and Exploring Engineering, 8(12), 3600–3604.
dc.relation.isbasedon van de Waerdt, P. J. (2020). Information asymmetries: Recognizing the limits of the GDPR on the data-driven market. Computer Law and Security Review, 38, 105436.
dc.relation.isbasedon Vejvodová, A., & Rosůlková, J. (2019). Absurdní rok s GDPR [An absurd year with GDPR]. National Cyber and Information Security Agency.
dc.relation.isbasedon Zahariev, M., & Makshutova, R. (2020). GDPR implementation series ∙ Bulgaria. European Data Protection Law Review, 6(3), 424–432.
dc.rights CC BY-NC
dc.subject General Data Protection Regulation en
dc.subject European countries en
dc.subject personal data en
dc.subject security en
dc.subject privacy en
dc.subject individual rights en
dc.subject.classification K22
dc.subject.classification K42
dc.title The GDPR at the Organizational Level: A Comparative Study of Eight European Countries en
dc.type Article en
dc.publisher.abbreviation TUL
dc.relation.isrefereed true
dc.identifier.doi 10.15240/tul/001/2021-2-013
dc.identifier.eissn 2336-5604
local.relation.volume 24
local.relation.issue 2
local.relation.abbreviation E+M cs
local.relation.abbreviation E&M en
local.faculty Faculty of Economics
local.citation.spage 207
local.citation.epage 222
local.access open
local.fulltext yes

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search DSpace

Advanced Search


My Account