The GDPR at the Organizational Level: A Comparative Study of Eight European Countries

DSpace Repository

Show simple item record

dc.contributor.author Zanker, Marek
dc.contributor.author Bureš, Vladimír
dc.contributor.author Cierniak-Emerych, Anna
dc.contributor.author Nehéz, Martin
dc.contributor.other Ekonomická fakulta cs
dc.date.accessioned 2021-06-04T08:54:58Z
dc.date.available 2021-06-04T08:54:58Z
dc.identifier.issn 1212-3609
dc.identifier.uri https://dspace.tul.cz/handle/15240/160028
dc.description.abstract The General Data Protection Regulation, also known as the ‘gold standard’ or the ‘Magna Carta’ of cyber laws, is a European regulation that deals with rights in the area of privacy and focuses on data collection, storage and data processing. This manuscript presents the results of investigation in the business sphere from eight countries of the European Union. The research focused on awareness of the GDPR, costs associated with the GDPR, number of trainings, how data are secured and subjective evaluation. The questionnaire was used for data collection. The results show that the majority of employees concerned about the GDPR are able to define the GDPR correctly (64%). The correct identification of personal data is in 95% of cases. The vast majority of respondents (94%) assign the right to personal data protection to the GDPR. Most employees are trained in the GDPR once (46%) or twice (45%). Subsequently, the differences between these countries in some areas of the questionnaire survey were examined. For this purpose, Welch ANOVA with post-test Tukey HSD or Kruskal-Wallis test were used. As a result, knowledge about the personal data do not vary significantly between the countries. In the area of rights, the countries are not again statistically different. As for the number of security countries, statistics do not differ significantly. The subjective assessment of the GDPR is different across the countries. The GDPR is rated worst by companies in the Czech Republic and Slovakia. On the contrary, the GDPR is best perceived by companies in France and the United Kingdom. en
dc.format text
dc.language.iso en
dc.publisher Technická Univerzita v Liberci cs
dc.publisher Technical university of Liberec, Czech Republic en
dc.relation.ispartof Ekonomie a Management cs
dc.relation.ispartof Economics and Management en
dc.relation.isbasedon Abdulghani, H. A., Nijdam, N. A., Collen, A., & Konstantas, D. (2019). A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective. Symmetry, 11(6), 774. https://doi.org/10.3390/sym11060774
dc.relation.isbasedon Andrew, J., & Baker, M. (2019). The General Data Protection Regulation in the Age of Surveillance Capitalism. Journal of Business Ethics, 168(3), 1–14. https://doi.org/10.1007/s10551-019-04239-z
dc.relation.isbasedon Bach, R. L., Kern, C., Amaya, A., Keusch, F., Kreuter, F., Hecht, J., & Heinemann, J. (2019). Predicting Voting Behavior Using Digital Trace Data. Social Science Computer Review. https://doi.org/10.1177/0894439319882896
dc.relation.isbasedon Botta, M., & Wiedemann, K. (2019). The Interaction of EU Competition, Consumer, and Data Protection Law in the Digital Economy: The Regulatory Dilemma in the Facebook Odyssey. The Antitrust Bulletin, 64(3), 428–446. https://doi.org/10.1177/0003603X19863590
dc.relation.isbasedon Bovenberg, J., Peloquin, D., Bierer, B., Barnes, M., & Knoppers, B. M. (2020). How to fix the GDPR’s frustration of global biomedical research: Sharing of data for research beyond the EU must improve. Science, 370(6512), 40–42. https://doi.org/10.1126/science.abd2499
dc.relation.isbasedon Breen, S., Ouazzane, K., & Patel, P. (2020). GDPR: Is your consent valid? Business Information Review, 37(1), 19–24. https://doi.org/10.1177/0266382120903254
dc.relation.isbasedon Brodin, M. (2019). A Framework for GDPR Compliance for Small- and Medium-Sized Enterprises. European Journal for Security Research, 4(2), 243–264. https://doi.org/10.1007/s41125-019-00042-z
dc.relation.isbasedon Bureš, V., Jašíková, V., Otčenášková, T., Kolerová, K., Zubr, V., & Marešová, P. (2012). A Comprehensive View on Evaluation of Cluster Initiatives. In J. Politis (Ed.), Proceedings of the 8th European Conference on Management Leadership and Governance (ECMLG). (pp. 74–79). Pafos, Cyprus. Reading: Academic Conferences International.
dc.relation.isbasedon Cisco. (2019, February 11). Požadavky GDPR dnes splňuje 59 % podniků, odhaluje průzkum Cisco [The Cisco research reveals: The GDPR requirements are met in 59% of companies only]. https://www.cisco.com/c/cs_cz/about/news/2019/20190211.html
dc.relation.isbasedon Czech News Agency & iDNES.cz. (2019, July 12). Rekordní pokuta. Facebook zaplatí pět miliard dolarů za porušení soukromí [Record fine. Facebook will pay $ 5 billion for privacy violations]. https://www.idnes.cz/ekonomika/zahranicni/facebook-pokuta-poruseni-ochrana-soukromi-miliard-usa.A190712_221657_eko-zahranicni_pmk
dc.relation.isbasedon De Hert, P., Papakonstantinou, V., Malgieri, G., Beslay, L., & Sanchez, I. (2018). The right to data portability in the GDPR: Towards user-centric interoperability of digital services. Computer Law & Security Review, 34(2), 193–203. https://doi.org/10.1016/j.clsr.2017.10.003
dc.relation.isbasedon Donnelly, M., & McDonagh, M. (2019). Health Research, Consent and the GDPR Exemption. European Journal of Health Law, 26(2), 97–119. https://doi.org/10.1163/15718093-12262427
dc.relation.isbasedon Duncan, B., & Zhao, Y. (2018). Risk Management for Cloud Compliance with the EU General Data Protection Regulation. In 2018 International Conference on High Performance Computing Simulation (HPCS), Orleans, France (pp. 664–671). https://doi.org/10.1109/HPCS.2018.00109
dc.relation.isbasedon Eckert, N. (2019, April 30). What Are the Real Costs of GDPR Compliance? GDPR.365. https://www.gdpr365.com/what-are-the-real-costs-of-gdpr-compliance/
dc.relation.isbasedon European Commission. (2018). The GDPR: New opportunities, new obligations: what every business needs to know about the EU General Data Protection Regulation (Report). Luxembourg: Publications Office of the European Union. Retrieved from https://ec.europa.eu/info/sites/info/files/data-protection-factsheet-sme-obligations_en.pdf
dc.relation.isbasedon European Commission. (2019). What does the General Data Protection Regulation (GDPR) govern? https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en
dc.relation.isbasedon European Commission. (2020a). EU data protection rules. https://ec.europa.eu/info/law/law-topic/data-protection/eu-data-protection-rules_en
dc.relation.isbasedon European Commission. (2020b). White Paper on Artificial Intelligence a European approach to excellence and trust (Report). Brussels: European Commission. Retrieved from https://ec.europa.eu/info/sites/info/files/commission-white-paper-artificial-intelligence-feb2020_en.pdf
dc.relation.isbasedon European Union. (2016). Regulation (EU) 2016/679 of The European Parliament and of the Council. Official Journal of the European Union. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
dc.relation.isbasedon Gal, M. S., & Aviv, O. (2020). The Competitive Effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349–391. https://doi.org/10.1093/joclec/nhaa012
dc.relation.isbasedon GDPR.eu. (2019a). Data anonymization and GDPR compliance: The case of Taxa 4×35. https://gdpr.eu/data-anonymization-taxa-4x35/
dc.relation.isbasedon GDPR.eu. (2019b). GDPR checklist for data controllers. https://gdpr.eu/checklist/
dc.relation.isbasedon GDPR.eu. (2019c). GDPR-compliant services for businesses. https://gdpr.eu/compliant-services/
dc.relation.isbasedon GDPR.eu. (2019d, May). GDPR Small Business Survey: Insights from European small business leaders one year into the General Data Protection Regulation (Report). Brussels: GDPR.eu. Retrieved from https://gdpr.eu/wp-content/uploads/2019/05/2019-GDPR.EU-Small-Business-Survey.pdf
dc.relation.isbasedon Gideon, L. (Ed.). (2012). Handbook of Survey Methodology for the Sciences. New York, NY: Springer-Verlag. https://doi.org/10.1007/978-1-4614-3876-2
dc.relation.isbasedon Gregory Voss, W., & Houser, K. A. (2019). Personal Data and the GDPR: Providing a Competitive Advantage for U.S. Companies. American Business Law Journal, 56(2), 287–344. https://doi.org/10.1111/ablj.12139
dc.relation.isbasedon Härting, R. C., Kaim, R., & Ruch, D. (2020). Impacts of the Implementation of the General Data Protection Regulations (GDPR) in SME Business Models – An Empirical Study with a Quantitative Design. In G. Jezic, J. Chen-Burger, M. Kusek, R. Sperka, R. Howlett, & L. Jain (Eds.), Agents and Multi-Agent Systems: Technologies and Applications 2020: Smart Innovation, Systems and Technologies (Vol. 186, pp. 295–303). Singapore: Springer. https://doi.org/10.1007/978-981-15-5764-4_27
dc.relation.isbasedon IBM. (2020). SPSS Statistics – Overview. https://www.ibm.com/products/spss-statistics
dc.relation.isbasedon IT Governance Privacy Team. (2020). EU General Data Protection Regulation (GDPR) – An implementation and compliance guide (4th ed.). Ely: IT Governance Publishing. https://doi.org/10.2307/j.ctv17f12pc
dc.relation.isbasedon Kasse, J. P., Xu, L., deVrieze, P., & Bai, Y. (2018). The Need for Compliance Verification in Collaborative Business Processes. In L. Camarinha-Matos, H. Afsarmanesh, & Y. Rezgui (Eds.), Collaborative Networks of Cognitive Systems. PRO-VE 2018. IFIP Advances in Information and Communication Technology (Vol. 534, pp. 217–229). Cham: Springer. https://doi.org/10.1007/978-3-319-99127-6_19
dc.relation.isbasedon Korpisaari, P. (2019). GDPR Implementation Series ∙ Finland: A Brief Overview of the GDPR Implementation. European Data Protection Law Review, 5(2), 232–237. https://doi.org/10.21552/edpl/2019/2/13
dc.relation.isbasedon Lachaud, E. (2020). What GDPR tells about certification. Computer Law and Security Review, 38, 105457. https://doi.org/10.1016/j.clsr.2020.105457
dc.relation.isbasedon Li, H., Yu, L., & He, W. (2019). The Impact of GDPR on Global Technology Development. Journal of Global Information Technology Management, 22(1), 1–6. https://doi.org/10.1080/1097198X.2019.1569186
dc.relation.isbasedon Luxatia International. (2019). GDPR Statistics from the First Year (Infographic). https://www.luxatiainternational.com/article/gdpr-statistics-from-the-first-year-infographic
dc.relation.isbasedon Malgieri, G. (2019). Automated decision-making in the EU Member States: The right to explanation and other “suitable safeguards” in the national legislations. Computer Law & Security Review, 35(5), 105327. https://doi.org/10.1016/j.clsr.2019.05.002
dc.relation.isbasedon Marelli, L., Lievevrouw, E., & Van Hoyweghen, I. (2020). Fit for purpose? The GDPR and the governance of European digital health. Policy Studies, 41(5), 447–467. https://doi.org/10.1080/01442872.2020.1724929
dc.relation.isbasedon Meijering, L., Osborne, T., Hoorn, E., & Montagner, C. (2020). How the GDPR can contribute to improving geographical research. Geoforum, 117, 291–295. https://doi.org/10.1016/j.geoforum.2020.05.013
dc.relation.isbasedon Mikulecký, P., Olševičová, K., Bureš, V., & Mls, K. (2011). Possibilities of Ambient Intelligence and Smart Environments in Educational Institutions. In N. Y. Chong, & F. Matrogiovanni (Eds.), Handbook of Research on Ambient Intelligence and Smart Environments: Trends and Perspectives (pp. 620–639). Hersey, PA: IGI Global.
dc.relation.isbasedon Mitrou, L. (2020). GDPR implementation series: Greece: The new data protection framework. European Data Protection Law Review, 6(1), 107–113. https://doi.org/10.21552/edpl/2020/1/14
dc.relation.isbasedon National Cyber and Information Security Agency. (2019a, June 21). České energetické firmy čelily cvičným kybernetickým útokům [Czech energy companies faced training cyber attacks]. https://nukib.cz/cs/infoservis/aktuality/1350-ceske-energeticke-firmy-celily-cvicnym-kybernetickym-utokum/
dc.relation.isbasedon National Cyber and Information Security Agency. (2019b). GDPR (obecné nařízení) [GDPR: General Regulation]. https://www.uoou.cz/gdpr-obecne-narizeni/ds-3938/p1=3938
dc.relation.isbasedon O’Brien, R. (2016). Privacy and security: The new European data protection regulation and it’s data breach notification requirements. Business Information Review, 33(2), 81–84. https://doi.org/10.1177/0266382116650297
dc.relation.isbasedon Peloquin, D., DiMaio, M., Bierer, B., & Barnes, M. (2020). Disruptive and avoidable: GDPR challenges to secondary research uses of data. European Journal of Human Genetics, 28(6), 697–705. https://doi.org/10.1038/s41431-020-0596-x
dc.relation.isbasedon Presthus, W., & Sørum, H. (2018). Are Consumers Concerned About Privacy? An Online Survey Emphasizing the General Data Protection Regulation. Computer Science Procedure, 138, 603–611. https://doi.org/10.1016/j.procs.2018.10.081
dc.relation.isbasedon Puljak, L., Mladinić, A., Iphofen, R., & Koporc, Z. (2020). Before and after enforcement of GDPR: Personal data protection requests received by Croatian Personal Data Protection Agency from academic and research institutions. Biochemia Medica, 30(3), 030201. https://doi.org/10.11613/BM.2020.030201
dc.relation.isbasedon Radley-Gardner, O., Beale, H., & Zimmermann, R. (Eds.). (2016). Fundamental Texts on European Private Law. Oxford: Hart Publishing. https://doi.org/10.5040/9781782258674
dc.relation.isbasedon Sajfert, J. (2020). Croatia: Minimum Service for the Implementation, Big Service to the Public Sector. European Data Protection Law Review, 6(2), 281–288. https://doi.org/10.21552/edpl/2020/2/14
dc.relation.isbasedon Sobers, R. (2020, June 17). A Year in the Life of the GDPR: Must-Know Stats and Takeaways. Varonis. https://www.varonis.com/blog/gdpr-effect-review/
dc.relation.isbasedon Sørum, H., & Presthus, W. (2020). Dude, where’s my data? The GDPR in practice, from a consumer’s point of view. Information Technology & People, (ahead-of-print). https://doi.org/10.1108/ITP-08-2019-0433
dc.relation.isbasedon SPSS. (2020). SPSS One-Way ANOVA Tutorial. https://www.spss-tutorials.com/spss-one-way-anova/
dc.relation.isbasedon Svobodová, L., & Hedvičkáková, M. (2015). Doing Business in the Countries of Visegrad Group. Procedia Economics and Finance, 34, 453–460. http://doi.org/10.1016/S2212-5671(15)01654-8
dc.relation.isbasedon Tahal, R., & Formánek, T. (2020). Reflection of GDPR by the Czech Population. Management and Marketing. Challenges for the Knowledge Society, 15(1), 78–94. https://doi.org/10.2478/mmcks-2020-0005
dc.relation.isbasedon Tambou, O. (2019). France ∙ Lessons from the First Post-GDPR Fines of the CNIL against Google LLC. European Data Protection Law Review, 5(1), 80–84. https://doi.org/10.21552/edpl/2019/1/13
dc.relation.isbasedon Tatar, U., Gokce, Y., & Nussbaum, B. (2020). Law versus technology: Blockchain, GDPR, and tough tradeoffs. Computer Law and Security Review, 38, 105454. https://doi.org/10.1016/j.clsr.2020.105454
dc.relation.isbasedon Tchinaryan, E. O., Lavrentieva, M. S., Kuchenin, E. S., & Neznamova, A. A. (2019). Digital Technologies of the European Union in Personal Data Protection. International Journal of Innovative Technology and Exploring Engineering, 8(12), 3600–3604. https://doi.org/10.35940/ijitee.L3798.1081219
dc.relation.isbasedon van de Waerdt, P. J. (2020). Information asymmetries: Recognizing the limits of the GDPR on the data-driven market. Computer Law and Security Review, 38, 105436. https://doi.org/10.1016/j.clsr.2020.105436
dc.relation.isbasedon Vejvodová, A., & Rosůlková, J. (2019). Absurdní rok s GDPR [An absurd year with GDPR]. National Cyber and Information Security Agency. https://www.uoou.cz/assets/File.ashx?id_org=200144&id_dokumenty=46962
dc.relation.isbasedon Zahariev, M., & Makshutova, R. (2020). GDPR implementation series ∙ Bulgaria. European Data Protection Law Review, 6(3), 424–432. https://doi.org/10.21552/edpl/2020/3/12
dc.rights CC BY-NC
dc.subject General Data Protection Regulation en
dc.subject European countries en
dc.subject personal data en
dc.subject security en
dc.subject privacy en
dc.subject individual rights en
dc.subject.classification K22
dc.subject.classification K42
dc.title The GDPR at the Organizational Level: A Comparative Study of Eight European Countries en
dc.type Article en
dc.publisher.abbreviation TUL
dc.relation.isrefereed true
dc.identifier.doi 10.15240/tul/001/2021-2-013
dc.identifier.eissn 2336-5604
local.relation.volume 24
local.relation.issue 2
local.relation.abbreviation E+M cs
local.relation.abbreviation E&M en
local.faculty Faculty of Economics
local.citation.spage 207
local.citation.epage 222
local.access open
local.fulltext yes


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search DSpace

Advanced Search

Browse

My Account