Risk Management for Cloud Compliance with the EU General Data Protection Regulation

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”. An expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR)—even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisation that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been uptaken in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.

Download Full-text

Buchbesprechungen. Feiler, Lukas / Forgó, Nikolaus / Weigl, Michaela: The Eu General Data Protection Regulation (Gdpr): A Commentary

Computer und Recht ◽

10.9785/cr-2018-340626 ◽

2018 ◽

Vol 34 (6) ◽

pp. r69-r70

Author(s):

Joachim Scherer ◽

Gerd Kiparski

Keyword(s):

Data Protection ◽

General Data Protection Regulation ◽

General Data ◽

The Eu

Download Full-text

The EU General Data Protection Regulation (GDPR)

10.1093/oso/9780198826491.001.0001 ◽

2020 ◽

Cited By ~ 1

Keyword(s):

Data Protection ◽

Personal Data ◽

Privacy Regulation ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Ongoing Work ◽

Protection Legislation ◽

Recent Reform ◽

General Data ◽

The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

Download Full-text

FINANCIAL TECHNOLOGY RISK MANAGEMENT MODELS

Bulletin USPTU Science education economy Series economy ◽

10.17122/2541-8904-2020-2-32-82-91 ◽

2020 ◽

Vol 2 (32) ◽

pp. 82-91

Author(s):

D.A. Kurmanova ◽

◽

D.R. Sultangareev ◽

L.R. Khabibullina ◽

◽

...

Keyword(s):

Risk Management ◽

Natural Disaster ◽

Data Protection ◽

Negative Impact ◽

Cyber Attack ◽

General Data Protection Regulation ◽

Internet Infrastructure ◽

Cyber Threats ◽

General Data ◽

Financial Technology

Cyber incidents continue to move up in the rating of possible threats and occupy the second position in the ranking of risks in the activities of companies (40 %). Five years ago, they were on the fifteenth line. Like a natural disaster or pandemic, a cyber attack can have a negative impact on hundreds of companies, and the number of such incidents is growing. So-called "cyber incidents",when hackers interfere with the activities of a large number of companies, using the dependencies of their shared Internet infrastructure, occur more often. This reflects the fact that today's world of risk management is more volatile than ever. At the same time, with the upcoming entry into force of the General data protection regulation (GDPR), which has been in effect throughout Europe since may 2018, the prospects of imposing more and larger fines on companies that do not comply with it have already become real. Actions taken by the company in light of a data integrity violation directly affect the final cost of such a violation. Reputational damage is inevitable if the response to a cyber incident is inadequate. New risks require new tools to respond to their potential impacts and mitigate them. This article discusses the possible risks of financial technologies, draws attention to cyber threats, the frequency of which is increasing, and offers a model for identifying and evaluating cyber risks.

Download Full-text

The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽

10.1017/aju.2019.80 ◽

2020 ◽

Vol 114 ◽

pp. 5-9 ◽

Cited By ~ 2

Author(s):

Cedric Ryngaert ◽

Mistale Taylor

Keyword(s):

International Law ◽

Data Protection ◽

Personal Data ◽

Fundamental Rights ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Protection Legislation ◽

General Data ◽

Global Data ◽

The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

Download Full-text

To What Extent Does the EU General Data Protection Regulation (GDPR) Apply to Citizen Scientist-Led Health Research with Mobile Devices?

The Journal of Law Medicine & Ethics ◽

10.1177/1073110520917046 ◽

2020 ◽

Vol 48 (S1) ◽

pp. 187-195

Author(s):

Edward S. Dove ◽

Jiahong Chen

Keyword(s):

Mobile Devices ◽

Data Protection ◽

Health Research ◽

Health Data ◽

Specific Context ◽

General Data Protection Regulation ◽

Citizen Scientist ◽

Open Questions ◽

General Data ◽

The Eu

In this article, we consider the possible application of the European General Data Protection Regulation (GDPR) to “citizen scientist”-led health research with mobile devices. We argue that the GDPR likely does cover this activity, depending on the specific context and the territorial scope. Remaining open questions that result from our analysis lead us to call for lex specialis that would provide greater clarity and certainty regarding the processing of health data by for research purposes, including these non-traditional researchers.

Download Full-text

International Organizations and the EU General Data Protection Regulation

International Organizations Law Review ◽

10.1163/15723747-2019008 ◽

2019 ◽

Vol 16 (1) ◽

pp. 158-191 ◽

Cited By ~ 1

Author(s):

Christopher Kuner

Keyword(s):

International Law ◽

International Organizations ◽

Data Protection ◽

Personal Data ◽

Eu Law ◽

Protection Measures ◽

General Data Protection Regulation ◽

General Data ◽

High Level ◽

The Eu

The importance of personal data processing for international organizations (‘IOs’) demonstrates the need for them to implement data protection in their work. The EU General Data Protection Regulation (‘GDPR’) will be influential around the world, and will impact IOs as well. Its application to them should be determined under relevant principles of EU law and public international law, and it should be interpreted consistently with the international obligations of the EU and its Member States. However, IOs should implement data protection measures regardless of whether the GDPR applies to them in a legal sense. There is a need for EU law and international law to take each other better into account, so that IOs can enjoy their privileges and immunities also with regard to EU law and avoid conflicts with international law, while still providing a high level of data protection in their operations.

Download Full-text

Visual Surveillance Within the EU General Data Protection Regulation: A Technology Perspective

IEEE Access ◽

10.1109/access.2019.2934226 ◽

2019 ◽

Vol 7 ◽

pp. 111709-111726 ◽

Cited By ~ 8

Author(s):

Mamoona N. Asghar ◽

Nadia Kanwal ◽

Brian Lee ◽

Martin Fleury ◽

Marco Herbst ◽

...

Keyword(s):

Data Protection ◽

Visual Surveillance ◽

General Data Protection Regulation ◽

General Data ◽

The Eu

Download Full-text

How Data Protection Regulation Affects Startup Innovation

Information Systems Frontiers ◽

10.1007/s10796-019-09974-2 ◽

2019 ◽

Vol 21 (6) ◽

pp. 1307-1324 ◽

Cited By ~ 6

Author(s):

Nicholas Martin ◽

Christian Matt ◽

Crispin Niebel ◽

Knut Blind

Keyword(s):

Empirical Evidence ◽

Data Protection ◽

Rapid Growth ◽

Business Development ◽

Data Driven ◽

General Data Protection Regulation ◽

Policy Responses ◽

General Data ◽

Firm Responses ◽

The Eu

AbstractWhile many data-driven businesses have seen rapid growth in recent years, their business development might be highly contingent upon data protection regulation. While it is often claimed that stricter regulation penalizes firms, there is only scarce empirical evidence for this. We therefore study how data protection regulation affects startup innovation, exploring this question during the ongoing introduction of the EU General Data Protection Regulation (GDPR). Our results show that the effects of data protection regulation on startup innovation are complex: it simultaneously stimulates and constrains innovation. We identify six distinct firm responses to the effects of the GDPR; three that stimulate innovation, and three that constrain it. We furthermore identify two key stipulations in the GDPR that account for the most important innovation constraints. Implications and potential policy responses are discussed.

Download Full-text