The GDPR at the Organizational Level: A Comparative Study of Eight European Countries

dc.contributor.authorZanker, Marek
dc.contributor.authorBureš, Vladimír
dc.contributor.authorCierniak-Emerych, Anna
dc.contributor.authorNehéz, Martin
dc.contributor.otherEkonomická fakultacs
dc.date.accessioned2021-06-04T08:54:58Z
dc.date.available2021-06-04T08:54:58Z
dc.description.abstractThe General Data Protection Regulation, also known as the ‘gold standard’ or the ‘Magna Carta’ of cyber laws, is a European regulation that deals with rights in the area of privacy and focuses on data collection, storage and data processing. This manuscript presents the results of investigation in the business sphere from eight countries of the European Union. The research focused on awareness of the GDPR, costs associated with the GDPR, number of trainings, how data are secured and subjective evaluation. The questionnaire was used for data collection. The results show that the majority of employees concerned about the GDPR are able to define the GDPR correctly (64%). The correct identification of personal data is in 95% of cases. The vast majority of respondents (94%) assign the right to personal data protection to the GDPR. Most employees are trained in the GDPR once (46%) or twice (45%). Subsequently, the differences between these countries in some areas of the questionnaire survey were examined. For this purpose, Welch ANOVA with post-test Tukey HSD or Kruskal-Wallis test were used. As a result, knowledge about the personal data do not vary significantly between the countries. In the area of rights, the countries are not again statistically different. As for the number of security countries, statistics do not differ significantly. The subjective assessment of the GDPR is different across the countries. The GDPR is rated worst by companies in the Czech Republic and Slovakia. On the contrary, the GDPR is best perceived by companies in France and the United Kingdom.en
dc.formattext
dc.identifier.doi10.15240/tul/001/2021-2-013
dc.identifier.eissn2336-5604
dc.identifier.issn1212-3609
dc.identifier.urihttps://dspace.tul.cz/handle/15240/160028
dc.language.isoen
dc.publisherTechnická Univerzita v Libercics
dc.publisherTechnical university of Liberec, Czech Republicen
dc.publisher.abbreviationTUL
dc.relation.isbasedonAbdulghani, H. A., Nijdam, N. A., Collen, A., & Konstantas, D. (2019). A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective. Symmetry, 11(6), 774. https://doi.org/10.3390/sym11060774
dc.relation.isbasedonAndrew, J., & Baker, M. (2019). The General Data Protection Regulation in the Age of Surveillance Capitalism. Journal of Business Ethics, 168(3), 1–14. https://doi.org/10.1007/s10551-019-04239-z
dc.relation.isbasedonBach, R. L., Kern, C., Amaya, A., Keusch, F., Kreuter, F., Hecht, J., & Heinemann, J. (2019). Predicting Voting Behavior Using Digital Trace Data. Social Science Computer Review. https://doi.org/10.1177/0894439319882896
dc.relation.isbasedonBotta, M., & Wiedemann, K. (2019). The Interaction of EU Competition, Consumer, and Data Protection Law in the Digital Economy: The Regulatory Dilemma in the Facebook Odyssey. The Antitrust Bulletin, 64(3), 428–446. https://doi.org/10.1177/0003603X19863590
dc.relation.isbasedonBovenberg, J., Peloquin, D., Bierer, B., Barnes, M., & Knoppers, B. M. (2020). How to fix the GDPR’s frustration of global biomedical research: Sharing of data for research beyond the EU must improve. Science, 370(6512), 40–42. https://doi.org/10.1126/science.abd2499
dc.relation.isbasedonBreen, S., Ouazzane, K., & Patel, P. (2020). GDPR: Is your consent valid? Business Information Review, 37(1), 19–24. https://doi.org/10.1177/0266382120903254
dc.relation.isbasedonBrodin, M. (2019). A Framework for GDPR Compliance for Small- and Medium-Sized Enterprises. European Journal for Security Research, 4(2), 243–264. https://doi.org/10.1007/s41125-019-00042-z
dc.relation.isbasedonBureš, V., Jašíková, V., Otčenášková, T., Kolerová, K., Zubr, V., & Marešová, P. (2012). A Comprehensive View on Evaluation of Cluster Initiatives. In J. Politis (Ed.), Proceedings of the 8th European Conference on Management Leadership and Governance (ECMLG). (pp. 74–79). Pafos, Cyprus. Reading: Academic Conferences International.
dc.relation.isbasedonCisco. (2019, February 11). Požadavky GDPR dnes splňuje 59 % podniků, odhaluje průzkum Cisco [The Cisco research reveals: The GDPR requirements are met in 59% of companies only]. https://www.cisco.com/c/cs_cz/about/news/2019/20190211.html
dc.relation.isbasedonCzech News Agency & iDNES.cz. (2019, July 12). Rekordní pokuta. Facebook zaplatí pět miliard dolarů za porušení soukromí [Record fine. Facebook will pay $ 5 billion for privacy violations]. https://www.idnes.cz/ekonomika/zahranicni/facebook-pokuta-poruseni-ochrana-soukromi-miliard-usa.A190712_221657_eko-zahranicni_pmk
dc.relation.isbasedonDe Hert, P., Papakonstantinou, V., Malgieri, G., Beslay, L., & Sanchez, I. (2018). The right to data portability in the GDPR: Towards user-centric interoperability of digital services. Computer Law & Security Review, 34(2), 193–203. https://doi.org/10.1016/j.clsr.2017.10.003
dc.relation.isbasedonDonnelly, M., & McDonagh, M. (2019). Health Research, Consent and the GDPR Exemption. European Journal of Health Law, 26(2), 97–119. https://doi.org/10.1163/15718093-12262427
dc.relation.isbasedonDuncan, B., & Zhao, Y. (2018). Risk Management for Cloud Compliance with the EU General Data Protection Regulation. In 2018 International Conference on High Performance Computing Simulation (HPCS), Orleans, France (pp. 664–671). https://doi.org/10.1109/HPCS.2018.00109
dc.relation.isbasedonEckert, N. (2019, April 30). What Are the Real Costs of GDPR Compliance? GDPR.365. https://www.gdpr365.com/what-are-the-real-costs-of-gdpr-compliance/
dc.relation.isbasedonEuropean Commission. (2018). The GDPR: New opportunities, new obligations: what every business needs to know about the EU General Data Protection Regulation (Report). Luxembourg: Publications Office of the European Union. Retrieved from https://ec.europa.eu/info/sites/info/files/data-protection-factsheet-sme-obligations_en.pdf
dc.relation.isbasedonEuropean Commission. (2019). What does the General Data Protection Regulation (GDPR) govern? https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en
dc.relation.isbasedonEuropean Commission. (2020a). EU data protection rules. https://ec.europa.eu/info/law/law-topic/data-protection/eu-data-protection-rules_en
dc.relation.isbasedonEuropean Commission. (2020b). White Paper on Artificial Intelligence a European approach to excellence and trust (Report). Brussels: European Commission. Retrieved from https://ec.europa.eu/info/sites/info/files/commission-white-paper-artificial-intelligence-feb2020_en.pdf
dc.relation.isbasedonEuropean Union. (2016). Regulation (EU) 2016/679 of The European Parliament and of the Council. Official Journal of the European Union. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
dc.relation.isbasedonGal, M. S., & Aviv, O. (2020). The Competitive Effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349–391. https://doi.org/10.1093/joclec/nhaa012
dc.relation.isbasedonGDPR.eu. (2019a). Data anonymization and GDPR compliance: The case of Taxa 4×35. https://gdpr.eu/data-anonymization-taxa-4x35/
dc.relation.isbasedonGDPR.eu. (2019b). GDPR checklist for data controllers. https://gdpr.eu/checklist/
dc.relation.isbasedonGDPR.eu. (2019c). GDPR-compliant services for businesses. https://gdpr.eu/compliant-services/
dc.relation.isbasedonGDPR.eu. (2019d, May). GDPR Small Business Survey: Insights from European small business leaders one year into the General Data Protection Regulation (Report). Brussels: GDPR.eu. Retrieved from https://gdpr.eu/wp-content/uploads/2019/05/2019-GDPR.EU-Small-Business-Survey.pdf
dc.relation.isbasedonGideon, L. (Ed.). (2012). Handbook of Survey Methodology for the Sciences. New York, NY: Springer-Verlag. https://doi.org/10.1007/978-1-4614-3876-2
dc.relation.isbasedonGregory Voss, W., & Houser, K. A. (2019). Personal Data and the GDPR: Providing a Competitive Advantage for U.S. Companies. American Business Law Journal, 56(2), 287–344. https://doi.org/10.1111/ablj.12139
dc.relation.isbasedonHärting, R. C., Kaim, R., & Ruch, D. (2020). Impacts of the Implementation of the General Data Protection Regulations (GDPR) in SME Business Models – An Empirical Study with a Quantitative Design. In G. Jezic, J. Chen-Burger, M. Kusek, R. Sperka, R. Howlett, & L. Jain (Eds.), Agents and Multi-Agent Systems: Technologies and Applications 2020: Smart Innovation, Systems and Technologies (Vol. 186, pp. 295–303). Singapore: Springer. https://doi.org/10.1007/978-981-15-5764-4_27
dc.relation.isbasedonIBM. (2020). SPSS Statistics – Overview. https://www.ibm.com/products/spss-statistics
dc.relation.isbasedonIT Governance Privacy Team. (2020). EU General Data Protection Regulation (GDPR) – An implementation and compliance guide (4th ed.). Ely: IT Governance Publishing. https://doi.org/10.2307/j.ctv17f12pc
dc.relation.isbasedonKasse, J. P., Xu, L., deVrieze, P., & Bai, Y. (2018). The Need for Compliance Verification in Collaborative Business Processes. In L. Camarinha-Matos, H. Afsarmanesh, & Y. Rezgui (Eds.), Collaborative Networks of Cognitive Systems. PRO-VE 2018. IFIP Advances in Information and Communication Technology (Vol. 534, pp. 217–229). Cham: Springer. https://doi.org/10.1007/978-3-319-99127-6_19
dc.relation.isbasedonKorpisaari, P. (2019). GDPR Implementation Series ∙ Finland: A Brief Overview of the GDPR Implementation. European Data Protection Law Review, 5(2), 232–237. https://doi.org/10.21552/edpl/2019/2/13
dc.relation.isbasedonLachaud, E. (2020). What GDPR tells about certification. Computer Law and Security Review, 38, 105457. https://doi.org/10.1016/j.clsr.2020.105457
dc.relation.isbasedonLi, H., Yu, L., & He, W. (2019). The Impact of GDPR on Global Technology Development. Journal of Global Information Technology Management, 22(1), 1–6. https://doi.org/10.1080/1097198X.2019.1569186
dc.relation.isbasedonLuxatia International. (2019). GDPR Statistics from the First Year (Infographic). https://www.luxatiainternational.com/article/gdpr-statistics-from-the-first-year-infographic
dc.relation.isbasedonMalgieri, G. (2019). Automated decision-making in the EU Member States: The right to explanation and other “suitable safeguards” in the national legislations. Computer Law & Security Review, 35(5), 105327. https://doi.org/10.1016/j.clsr.2019.05.002
dc.relation.isbasedonMarelli, L., Lievevrouw, E., & Van Hoyweghen, I. (2020). Fit for purpose? The GDPR and the governance of European digital health. Policy Studies, 41(5), 447–467. https://doi.org/10.1080/01442872.2020.1724929
dc.relation.isbasedonMeijering, L., Osborne, T., Hoorn, E., & Montagner, C. (2020). How the GDPR can contribute to improving geographical research. Geoforum, 117, 291–295. https://doi.org/10.1016/j.geoforum.2020.05.013
dc.relation.isbasedonMikulecký, P., Olševičová, K., Bureš, V., & Mls, K. (2011). Possibilities of Ambient Intelligence and Smart Environments in Educational Institutions. In N. Y. Chong, & F. Matrogiovanni (Eds.), Handbook of Research on Ambient Intelligence and Smart Environments: Trends and Perspectives (pp. 620–639). Hersey, PA: IGI Global.
dc.relation.isbasedonMitrou, L. (2020). GDPR implementation series: Greece: The new data protection framework. European Data Protection Law Review, 6(1), 107–113. https://doi.org/10.21552/edpl/2020/1/14
dc.relation.isbasedonNational Cyber and Information Security Agency. (2019a, June 21). České energetické firmy čelily cvičným kybernetickým útokům [Czech energy companies faced training cyber attacks]. https://nukib.cz/cs/infoservis/aktuality/1350-ceske-energeticke-firmy-celily-cvicnym-kybernetickym-utokum/
dc.relation.isbasedonNational Cyber and Information Security Agency. (2019b). GDPR (obecné nařízení) [GDPR: General Regulation]. https://www.uoou.cz/gdpr-obecne-narizeni/ds-3938/p1=3938
dc.relation.isbasedonO’Brien, R. (2016). Privacy and security: The new European data protection regulation and it’s data breach notification requirements. Business Information Review, 33(2), 81–84. https://doi.org/10.1177/0266382116650297
dc.relation.isbasedonPeloquin, D., DiMaio, M., Bierer, B., & Barnes, M. (2020). Disruptive and avoidable: GDPR challenges to secondary research uses of data. European Journal of Human Genetics, 28(6), 697–705. https://doi.org/10.1038/s41431-020-0596-x
dc.relation.isbasedonPresthus, W., & Sørum, H. (2018). Are Consumers Concerned About Privacy? An Online Survey Emphasizing the General Data Protection Regulation. Computer Science Procedure, 138, 603–611. https://doi.org/10.1016/j.procs.2018.10.081
dc.relation.isbasedonPuljak, L., Mladinić, A., Iphofen, R., & Koporc, Z. (2020). Before and after enforcement of GDPR: Personal data protection requests received by Croatian Personal Data Protection Agency from academic and research institutions. Biochemia Medica, 30(3), 030201. https://doi.org/10.11613/BM.2020.030201
dc.relation.isbasedonRadley-Gardner, O., Beale, H., & Zimmermann, R. (Eds.). (2016). Fundamental Texts on European Private Law. Oxford: Hart Publishing. https://doi.org/10.5040/9781782258674
dc.relation.isbasedonSajfert, J. (2020). Croatia: Minimum Service for the Implementation, Big Service to the Public Sector. European Data Protection Law Review, 6(2), 281–288. https://doi.org/10.21552/edpl/2020/2/14
dc.relation.isbasedonSobers, R. (2020, June 17). A Year in the Life of the GDPR: Must-Know Stats and Takeaways. Varonis. https://www.varonis.com/blog/gdpr-effect-review/
dc.relation.isbasedonSørum, H., & Presthus, W. (2020). Dude, where’s my data? The GDPR in practice, from a consumer’s point of view. Information Technology & People, (ahead-of-print). https://doi.org/10.1108/ITP-08-2019-0433
dc.relation.isbasedonSPSS. (2020). SPSS One-Way ANOVA Tutorial. https://www.spss-tutorials.com/spss-one-way-anova/
dc.relation.isbasedonSvobodová, L., & Hedvičkáková, M. (2015). Doing Business in the Countries of Visegrad Group. Procedia Economics and Finance, 34, 453–460. http://doi.org/10.1016/S2212-5671(15)01654-8
dc.relation.isbasedonTahal, R., & Formánek, T. (2020). Reflection of GDPR by the Czech Population. Management and Marketing. Challenges for the Knowledge Society, 15(1), 78–94. https://doi.org/10.2478/mmcks-2020-0005
dc.relation.isbasedonTambou, O. (2019). France ∙ Lessons from the First Post-GDPR Fines of the CNIL against Google LLC. European Data Protection Law Review, 5(1), 80–84. https://doi.org/10.21552/edpl/2019/1/13
dc.relation.isbasedonTatar, U., Gokce, Y., & Nussbaum, B. (2020). Law versus technology: Blockchain, GDPR, and tough tradeoffs. Computer Law and Security Review, 38, 105454. https://doi.org/10.1016/j.clsr.2020.105454
dc.relation.isbasedonTchinaryan, E. O., Lavrentieva, M. S., Kuchenin, E. S., & Neznamova, A. A. (2019). Digital Technologies of the European Union in Personal Data Protection. International Journal of Innovative Technology and Exploring Engineering, 8(12), 3600–3604. https://doi.org/10.35940/ijitee.L3798.1081219
dc.relation.isbasedonvan de Waerdt, P. J. (2020). Information asymmetries: Recognizing the limits of the GDPR on the data-driven market. Computer Law and Security Review, 38, 105436. https://doi.org/10.1016/j.clsr.2020.105436
dc.relation.isbasedonVejvodová, A., & Rosůlková, J. (2019). Absurdní rok s GDPR [An absurd year with GDPR]. National Cyber and Information Security Agency. https://www.uoou.cz/assets/File.ashx?id_org=200144&id_dokumenty=46962
dc.relation.isbasedonZahariev, M., & Makshutova, R. (2020). GDPR implementation series ∙ Bulgaria. European Data Protection Law Review, 6(3), 424–432. https://doi.org/10.21552/edpl/2020/3/12
dc.relation.ispartofEkonomie a Managementcs
dc.relation.ispartofEconomics and Managementen
dc.relation.isrefereedtrue
dc.rightsCC BY-NC
dc.subjectGeneral Data Protection Regulationen
dc.subjectEuropean countriesen
dc.subjectpersonal dataen
dc.subjectsecurityen
dc.subjectprivacyen
dc.subjectindividual rightsen
dc.subject.classificationK22
dc.subject.classificationK42
dc.titleThe GDPR at the Organizational Level: A Comparative Study of Eight European Countriesen
dc.typeArticleen
local.accessopen
local.citation.epage222
local.citation.spage207
local.facultyFaculty of Economics
local.fulltextyes
local.relation.abbreviationE+Mcs
local.relation.abbreviationE&Men
local.relation.issue2
local.relation.volume24
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
EM_2_2021_13.pdf
Size:
580.24 KB
Format:
Adobe Portable Document Format
Description:
článek
Collections