The GDPR at the Organizational Level: A Comparative Study of Eight European Countries
dc.contributor.author | Zanker, Marek | |
dc.contributor.author | Bureš, Vladimír | |
dc.contributor.author | Cierniak-Emerych, Anna | |
dc.contributor.author | Nehéz, Martin | |
dc.contributor.other | Ekonomická fakulta | cs |
dc.date.accessioned | 2021-06-04T08:54:58Z | |
dc.date.available | 2021-06-04T08:54:58Z | |
dc.description.abstract | The General Data Protection Regulation, also known as the ‘gold standard’ or the ‘Magna Carta’ of cyber laws, is a European regulation that deals with rights in the area of privacy and focuses on data collection, storage and data processing. This manuscript presents the results of investigation in the business sphere from eight countries of the European Union. The research focused on awareness of the GDPR, costs associated with the GDPR, number of trainings, how data are secured and subjective evaluation. The questionnaire was used for data collection. The results show that the majority of employees concerned about the GDPR are able to define the GDPR correctly (64%). The correct identification of personal data is in 95% of cases. The vast majority of respondents (94%) assign the right to personal data protection to the GDPR. Most employees are trained in the GDPR once (46%) or twice (45%). Subsequently, the differences between these countries in some areas of the questionnaire survey were examined. For this purpose, Welch ANOVA with post-test Tukey HSD or Kruskal-Wallis test were used. As a result, knowledge about the personal data do not vary significantly between the countries. In the area of rights, the countries are not again statistically different. As for the number of security countries, statistics do not differ significantly. The subjective assessment of the GDPR is different across the countries. The GDPR is rated worst by companies in the Czech Republic and Slovakia. On the contrary, the GDPR is best perceived by companies in France and the United Kingdom. | en |
dc.format | text | |
dc.identifier.doi | 10.15240/tul/001/2021-2-013 | |
dc.identifier.eissn | 2336-5604 | |
dc.identifier.issn | 1212-3609 | |
dc.identifier.uri | https://dspace.tul.cz/handle/15240/160028 | |
dc.language.iso | en | |
dc.publisher | Technická Univerzita v Liberci | cs |
dc.publisher | Technical university of Liberec, Czech Republic | en |
dc.publisher.abbreviation | TUL | |
dc.relation.isbasedon | Abdulghani, H. A., Nijdam, N. A., Collen, A., & Konstantas, D. (2019). A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective. Symmetry, 11(6), 774. https://doi.org/10.3390/sym11060774 | |
dc.relation.isbasedon | Andrew, J., & Baker, M. (2019). The General Data Protection Regulation in the Age of Surveillance Capitalism. Journal of Business Ethics, 168(3), 1–14. https://doi.org/10.1007/s10551-019-04239-z | |
dc.relation.isbasedon | Bach, R. L., Kern, C., Amaya, A., Keusch, F., Kreuter, F., Hecht, J., & Heinemann, J. (2019). Predicting Voting Behavior Using Digital Trace Data. Social Science Computer Review. https://doi.org/10.1177/0894439319882896 | |
dc.relation.isbasedon | Botta, M., & Wiedemann, K. (2019). The Interaction of EU Competition, Consumer, and Data Protection Law in the Digital Economy: The Regulatory Dilemma in the Facebook Odyssey. The Antitrust Bulletin, 64(3), 428–446. https://doi.org/10.1177/0003603X19863590 | |
dc.relation.isbasedon | Bovenberg, J., Peloquin, D., Bierer, B., Barnes, M., & Knoppers, B. M. (2020). How to fix the GDPR’s frustration of global biomedical research: Sharing of data for research beyond the EU must improve. Science, 370(6512), 40–42. https://doi.org/10.1126/science.abd2499 | |
dc.relation.isbasedon | Breen, S., Ouazzane, K., & Patel, P. (2020). GDPR: Is your consent valid? Business Information Review, 37(1), 19–24. https://doi.org/10.1177/0266382120903254 | |
dc.relation.isbasedon | Brodin, M. (2019). A Framework for GDPR Compliance for Small- and Medium-Sized Enterprises. European Journal for Security Research, 4(2), 243–264. https://doi.org/10.1007/s41125-019-00042-z | |
dc.relation.isbasedon | Bureš, V., Jašíková, V., Otčenášková, T., Kolerová, K., Zubr, V., & Marešová, P. (2012). A Comprehensive View on Evaluation of Cluster Initiatives. In J. Politis (Ed.), Proceedings of the 8th European Conference on Management Leadership and Governance (ECMLG). (pp. 74–79). Pafos, Cyprus. Reading: Academic Conferences International. | |
dc.relation.isbasedon | Cisco. (2019, February 11). Požadavky GDPR dnes splňuje 59 % podniků, odhaluje průzkum Cisco [The Cisco research reveals: The GDPR requirements are met in 59% of companies only]. https://www.cisco.com/c/cs_cz/about/news/2019/20190211.html | |
dc.relation.isbasedon | Czech News Agency & iDNES.cz. (2019, July 12). Rekordní pokuta. Facebook zaplatí pět miliard dolarů za porušení soukromí [Record fine. Facebook will pay $ 5 billion for privacy violations]. https://www.idnes.cz/ekonomika/zahranicni/facebook-pokuta-poruseni-ochrana-soukromi-miliard-usa.A190712_221657_eko-zahranicni_pmk | |
dc.relation.isbasedon | De Hert, P., Papakonstantinou, V., Malgieri, G., Beslay, L., & Sanchez, I. (2018). The right to data portability in the GDPR: Towards user-centric interoperability of digital services. Computer Law & Security Review, 34(2), 193–203. https://doi.org/10.1016/j.clsr.2017.10.003 | |
dc.relation.isbasedon | Donnelly, M., & McDonagh, M. (2019). Health Research, Consent and the GDPR Exemption. European Journal of Health Law, 26(2), 97–119. https://doi.org/10.1163/15718093-12262427 | |
dc.relation.isbasedon | Duncan, B., & Zhao, Y. (2018). Risk Management for Cloud Compliance with the EU General Data Protection Regulation. In 2018 International Conference on High Performance Computing Simulation (HPCS), Orleans, France (pp. 664–671). https://doi.org/10.1109/HPCS.2018.00109 | |
dc.relation.isbasedon | Eckert, N. (2019, April 30). What Are the Real Costs of GDPR Compliance? GDPR.365. https://www.gdpr365.com/what-are-the-real-costs-of-gdpr-compliance/ | |
dc.relation.isbasedon | European Commission. (2018). The GDPR: New opportunities, new obligations: what every business needs to know about the EU General Data Protection Regulation (Report). Luxembourg: Publications Office of the European Union. Retrieved from https://ec.europa.eu/info/sites/info/files/data-protection-factsheet-sme-obligations_en.pdf | |
dc.relation.isbasedon | European Commission. (2019). What does the General Data Protection Regulation (GDPR) govern? https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en | |
dc.relation.isbasedon | European Commission. (2020a). EU data protection rules. https://ec.europa.eu/info/law/law-topic/data-protection/eu-data-protection-rules_en | |
dc.relation.isbasedon | European Commission. (2020b). White Paper on Artificial Intelligence a European approach to excellence and trust (Report). Brussels: European Commission. Retrieved from https://ec.europa.eu/info/sites/info/files/commission-white-paper-artificial-intelligence-feb2020_en.pdf | |
dc.relation.isbasedon | European Union. (2016). Regulation (EU) 2016/679 of The European Parliament and of the Council. Official Journal of the European Union. Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 | |
dc.relation.isbasedon | Gal, M. S., & Aviv, O. (2020). The Competitive Effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349–391. https://doi.org/10.1093/joclec/nhaa012 | |
dc.relation.isbasedon | GDPR.eu. (2019a). Data anonymization and GDPR compliance: The case of Taxa 4×35. https://gdpr.eu/data-anonymization-taxa-4x35/ | |
dc.relation.isbasedon | GDPR.eu. (2019b). GDPR checklist for data controllers. https://gdpr.eu/checklist/ | |
dc.relation.isbasedon | GDPR.eu. (2019c). GDPR-compliant services for businesses. https://gdpr.eu/compliant-services/ | |
dc.relation.isbasedon | GDPR.eu. (2019d, May). GDPR Small Business Survey: Insights from European small business leaders one year into the General Data Protection Regulation (Report). Brussels: GDPR.eu. Retrieved from https://gdpr.eu/wp-content/uploads/2019/05/2019-GDPR.EU-Small-Business-Survey.pdf | |
dc.relation.isbasedon | Gideon, L. (Ed.). (2012). Handbook of Survey Methodology for the Sciences. New York, NY: Springer-Verlag. https://doi.org/10.1007/978-1-4614-3876-2 | |
dc.relation.isbasedon | Gregory Voss, W., & Houser, K. A. (2019). Personal Data and the GDPR: Providing a Competitive Advantage for U.S. Companies. American Business Law Journal, 56(2), 287–344. https://doi.org/10.1111/ablj.12139 | |
dc.relation.isbasedon | Härting, R. C., Kaim, R., & Ruch, D. (2020). Impacts of the Implementation of the General Data Protection Regulations (GDPR) in SME Business Models – An Empirical Study with a Quantitative Design. In G. Jezic, J. Chen-Burger, M. Kusek, R. Sperka, R. Howlett, & L. Jain (Eds.), Agents and Multi-Agent Systems: Technologies and Applications 2020: Smart Innovation, Systems and Technologies (Vol. 186, pp. 295–303). Singapore: Springer. https://doi.org/10.1007/978-981-15-5764-4_27 | |
dc.relation.isbasedon | IBM. (2020). SPSS Statistics – Overview. https://www.ibm.com/products/spss-statistics | |
dc.relation.isbasedon | IT Governance Privacy Team. (2020). EU General Data Protection Regulation (GDPR) – An implementation and compliance guide (4th ed.). Ely: IT Governance Publishing. https://doi.org/10.2307/j.ctv17f12pc | |
dc.relation.isbasedon | Kasse, J. P., Xu, L., deVrieze, P., & Bai, Y. (2018). The Need for Compliance Verification in Collaborative Business Processes. In L. Camarinha-Matos, H. Afsarmanesh, & Y. Rezgui (Eds.), Collaborative Networks of Cognitive Systems. PRO-VE 2018. IFIP Advances in Information and Communication Technology (Vol. 534, pp. 217–229). Cham: Springer. https://doi.org/10.1007/978-3-319-99127-6_19 | |
dc.relation.isbasedon | Korpisaari, P. (2019). GDPR Implementation Series ∙ Finland: A Brief Overview of the GDPR Implementation. European Data Protection Law Review, 5(2), 232–237. https://doi.org/10.21552/edpl/2019/2/13 | |
dc.relation.isbasedon | Lachaud, E. (2020). What GDPR tells about certification. Computer Law and Security Review, 38, 105457. https://doi.org/10.1016/j.clsr.2020.105457 | |
dc.relation.isbasedon | Li, H., Yu, L., & He, W. (2019). The Impact of GDPR on Global Technology Development. Journal of Global Information Technology Management, 22(1), 1–6. https://doi.org/10.1080/1097198X.2019.1569186 | |
dc.relation.isbasedon | Luxatia International. (2019). GDPR Statistics from the First Year (Infographic). https://www.luxatiainternational.com/article/gdpr-statistics-from-the-first-year-infographic | |
dc.relation.isbasedon | Malgieri, G. (2019). Automated decision-making in the EU Member States: The right to explanation and other “suitable safeguards” in the national legislations. Computer Law & Security Review, 35(5), 105327. https://doi.org/10.1016/j.clsr.2019.05.002 | |
dc.relation.isbasedon | Marelli, L., Lievevrouw, E., & Van Hoyweghen, I. (2020). Fit for purpose? The GDPR and the governance of European digital health. Policy Studies, 41(5), 447–467. https://doi.org/10.1080/01442872.2020.1724929 | |
dc.relation.isbasedon | Meijering, L., Osborne, T., Hoorn, E., & Montagner, C. (2020). How the GDPR can contribute to improving geographical research. Geoforum, 117, 291–295. https://doi.org/10.1016/j.geoforum.2020.05.013 | |
dc.relation.isbasedon | Mikulecký, P., Olševičová, K., Bureš, V., & Mls, K. (2011). Possibilities of Ambient Intelligence and Smart Environments in Educational Institutions. In N. Y. Chong, & F. Matrogiovanni (Eds.), Handbook of Research on Ambient Intelligence and Smart Environments: Trends and Perspectives (pp. 620–639). Hersey, PA: IGI Global. | |
dc.relation.isbasedon | Mitrou, L. (2020). GDPR implementation series: Greece: The new data protection framework. European Data Protection Law Review, 6(1), 107–113. https://doi.org/10.21552/edpl/2020/1/14 | |
dc.relation.isbasedon | National Cyber and Information Security Agency. (2019a, June 21). České energetické firmy čelily cvičným kybernetickým útokům [Czech energy companies faced training cyber attacks]. https://nukib.cz/cs/infoservis/aktuality/1350-ceske-energeticke-firmy-celily-cvicnym-kybernetickym-utokum/ | |
dc.relation.isbasedon | National Cyber and Information Security Agency. (2019b). GDPR (obecné nařízení) [GDPR: General Regulation]. https://www.uoou.cz/gdpr-obecne-narizeni/ds-3938/p1=3938 | |
dc.relation.isbasedon | O’Brien, R. (2016). Privacy and security: The new European data protection regulation and it’s data breach notification requirements. Business Information Review, 33(2), 81–84. https://doi.org/10.1177/0266382116650297 | |
dc.relation.isbasedon | Peloquin, D., DiMaio, M., Bierer, B., & Barnes, M. (2020). Disruptive and avoidable: GDPR challenges to secondary research uses of data. European Journal of Human Genetics, 28(6), 697–705. https://doi.org/10.1038/s41431-020-0596-x | |
dc.relation.isbasedon | Presthus, W., & Sørum, H. (2018). Are Consumers Concerned About Privacy? An Online Survey Emphasizing the General Data Protection Regulation. Computer Science Procedure, 138, 603–611. https://doi.org/10.1016/j.procs.2018.10.081 | |
dc.relation.isbasedon | Puljak, L., Mladinić, A., Iphofen, R., & Koporc, Z. (2020). Before and after enforcement of GDPR: Personal data protection requests received by Croatian Personal Data Protection Agency from academic and research institutions. Biochemia Medica, 30(3), 030201. https://doi.org/10.11613/BM.2020.030201 | |
dc.relation.isbasedon | Radley-Gardner, O., Beale, H., & Zimmermann, R. (Eds.). (2016). Fundamental Texts on European Private Law. Oxford: Hart Publishing. https://doi.org/10.5040/9781782258674 | |
dc.relation.isbasedon | Sajfert, J. (2020). Croatia: Minimum Service for the Implementation, Big Service to the Public Sector. European Data Protection Law Review, 6(2), 281–288. https://doi.org/10.21552/edpl/2020/2/14 | |
dc.relation.isbasedon | Sobers, R. (2020, June 17). A Year in the Life of the GDPR: Must-Know Stats and Takeaways. Varonis. https://www.varonis.com/blog/gdpr-effect-review/ | |
dc.relation.isbasedon | Sørum, H., & Presthus, W. (2020). Dude, where’s my data? The GDPR in practice, from a consumer’s point of view. Information Technology & People, (ahead-of-print). https://doi.org/10.1108/ITP-08-2019-0433 | |
dc.relation.isbasedon | SPSS. (2020). SPSS One-Way ANOVA Tutorial. https://www.spss-tutorials.com/spss-one-way-anova/ | |
dc.relation.isbasedon | Svobodová, L., & Hedvičkáková, M. (2015). Doing Business in the Countries of Visegrad Group. Procedia Economics and Finance, 34, 453–460. http://doi.org/10.1016/S2212-5671(15)01654-8 | |
dc.relation.isbasedon | Tahal, R., & Formánek, T. (2020). Reflection of GDPR by the Czech Population. Management and Marketing. Challenges for the Knowledge Society, 15(1), 78–94. https://doi.org/10.2478/mmcks-2020-0005 | |
dc.relation.isbasedon | Tambou, O. (2019). France ∙ Lessons from the First Post-GDPR Fines of the CNIL against Google LLC. European Data Protection Law Review, 5(1), 80–84. https://doi.org/10.21552/edpl/2019/1/13 | |
dc.relation.isbasedon | Tatar, U., Gokce, Y., & Nussbaum, B. (2020). Law versus technology: Blockchain, GDPR, and tough tradeoffs. Computer Law and Security Review, 38, 105454. https://doi.org/10.1016/j.clsr.2020.105454 | |
dc.relation.isbasedon | Tchinaryan, E. O., Lavrentieva, M. S., Kuchenin, E. S., & Neznamova, A. A. (2019). Digital Technologies of the European Union in Personal Data Protection. International Journal of Innovative Technology and Exploring Engineering, 8(12), 3600–3604. https://doi.org/10.35940/ijitee.L3798.1081219 | |
dc.relation.isbasedon | van de Waerdt, P. J. (2020). Information asymmetries: Recognizing the limits of the GDPR on the data-driven market. Computer Law and Security Review, 38, 105436. https://doi.org/10.1016/j.clsr.2020.105436 | |
dc.relation.isbasedon | Vejvodová, A., & Rosůlková, J. (2019). Absurdní rok s GDPR [An absurd year with GDPR]. National Cyber and Information Security Agency. https://www.uoou.cz/assets/File.ashx?id_org=200144&id_dokumenty=46962 | |
dc.relation.isbasedon | Zahariev, M., & Makshutova, R. (2020). GDPR implementation series ∙ Bulgaria. European Data Protection Law Review, 6(3), 424–432. https://doi.org/10.21552/edpl/2020/3/12 | |
dc.relation.ispartof | Ekonomie a Management | cs |
dc.relation.ispartof | Economics and Management | en |
dc.relation.isrefereed | true | |
dc.rights | CC BY-NC | |
dc.subject | General Data Protection Regulation | en |
dc.subject | European countries | en |
dc.subject | personal data | en |
dc.subject | security | en |
dc.subject | privacy | en |
dc.subject | individual rights | en |
dc.subject.classification | K22 | |
dc.subject.classification | K42 | |
dc.title | The GDPR at the Organizational Level: A Comparative Study of Eight European Countries | en |
dc.type | Article | en |
local.access | open | |
local.citation.epage | 222 | |
local.citation.spage | 207 | |
local.faculty | Faculty of Economics | |
local.fulltext | yes | |
local.relation.abbreviation | E+M | cs |
local.relation.abbreviation | E&M | en |
local.relation.issue | 2 | |
local.relation.volume | 24 |
Files
Original bundle
- Name:
- EM_2_2021_13.pdf
- Size:
- 580.24 KB
- Format:
- Adobe Portable Document Format
- Description:
- článek