IMPACT OF GDPR TO DIGITAL MEDIA

This paper shall analyze the impact of General Data Protection Regulation (‘GDPR’) to concept of business of digital media, having in mind their overwhelming presence and especially their impact to private data of their clients or customers. Special features that are going to be dealt with in this paper relate to processing of personal data by digital media under the GDPR, which include teritorrial scope of GDPR and its global applicability, type of personal data processed by digital media, profiling and behavioral advertising, options for consent, the use of cookies and geographical location. Purpose of their processing shall be analysed as well, with reflection to some important cases and examples. It relies on widely understood concept of digital media, including social media, online news portals, blog websites and shall pursue to point out to some crucial changes that that digital media are facing now, and that will affect their way of doing business, after the GDPR became operative on 25 May 2018.

Download Full-text

The Proposed New EU General Data Protection Regulation

Computer Law Review International ◽

10.9785/ovs-cri-2012-33 ◽

2012 ◽

Vol 13 (2) ◽

Cited By ~ 3

Author(s):

Peter Traung

Keyword(s):

Data Protection ◽

Personal Data ◽

Net Benefit ◽

General Data Protection Regulation ◽

Administrative Burden ◽

General Data ◽

The Law ◽

Compliance With The Law ◽

Considerable Work ◽

The Impact

AbstractAmong other things, the proposed General Data Protection Regulation aims at substantially reducing fragmentation, administrative burden and cost and to provide clear rules, simplifying the legal environment. This article argues that considerable work is needed to achieve those goals and that the proposal fails to provide either substantial legal certainty or simplification, that it adds administrative burden while leaving ample risk of fragmentation. In particular, the proposal misses the opportunity of strengthening data protection while achieving substantial simplification through abolishing the controller/ processor distinction and allowing transfers with no reduction of the controller’s liability. Large parts of the proposal depend entirely on clarification through delegated acts issued by the Commission. Prospects for those being adopted look dire. Failing either delegated acts or substantial redrafting, those parts may become dead letter or worse. There is a highly problematic obligation to “demonstrate compliance” with the law. The proportionate alternative to a number of other obligations on controllers, such as to maintain various documentation, appoint data protection officers etc, is to include such obligations as possible behavioural sanctions in case of a proven breach of the law. The proposal also appears to raise issues regarding freedom of movement. The impact assessment largely fails to demonstrate a need and net benefit from the proposed additional obligations. It also appears to severely underestimate the costs of the proposals, partly due to what appears to be arithmetic errors. The proposal does interestingly and rudimentarily put a value on personal data, but the approach could be extended.

Download Full-text

PROTECTION OF THE RIGHT TO PRIVACY AT WORK IN THE PERIOD OF DYNAMICALLY DEVELOPING TECHNOLOGIES – TODAY AND TOMORROW

Roczniki Administracji i Prawa ◽

10.5604/01.3001.0012.6007 ◽

2018 ◽

Vol 1 (XVIII) ◽

pp. 335-353

Author(s):

Weronika Kupny

Keyword(s):

Privacy Protection ◽

Technology Development ◽

Personal Data ◽

Right To Privacy ◽

General Data Protection Regulation ◽

The Right To Privacy ◽

General Data ◽

The Right ◽

The Impact ◽

Modern Technologies

The protection of the right to privacy is one of the basic human rights and as a fundamental subject in most modern laws. Legal systems extend the privacy protection instruments to a significant extent, but at the same time they find reasons to strongly interfere in this area. Certainly, the dynamic development of modern technologies does not help the legislator to find a comprehensive solution. The article deals with the subject of privacy protection in the employment relationship on the area of innovation, technology development. In this study, the author also compares the impact of the use of modern technologies in the workplace today – in the light of the applicable regulations and tomorrow – taking into account enactment of Regulation (EU) 2016/679 of European Parlliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealinf Directive 95/46/EC (General Data Protection Regulation).

Download Full-text

The Impact of the GDPR on the Governance of Biobank Research

GDPR and Biobanking - Law, Governance and Technology Series ◽

10.1007/978-3-030-49388-2_4 ◽

2021 ◽

pp. 45-60

Author(s):

Mahsa Shabani ◽

Gauthier Chassang ◽

Luca Marelli

Keyword(s):

Personal Data ◽

Genomic Data ◽

Data Access ◽

Policy Documents ◽

General Data Protection Regulation ◽

Biobank Research ◽

Core Elements ◽

General Data ◽

The Impact ◽

Technical Measures

AbstractGovernance of health and genomic data access in the context of biobanking is of salient importance in implementing the EU General Data Protection Regulation (GDPR). Various components of data access governance could be considered as ‘organizational measures’ which are stressed in the Article 89(1) GDPR together with technical measures that should be used in order to safeguard rights of the data subjects when processing data under research exemption rules. In this chapter, we address the core elements regarding governance of biobanks in the view of GDPR, including conditions for processing personal data, data access models, oversight bodies and data access agreements. We conclude by highlighting the importance of guidelines and policy documents in helping the biobanks in improving the data access governance. In addition, we stress that it is important to ensure the existing and emerging oversight bodies are equipped with adequate expertise regarding using and sharing health and genomic data and are aware of the associated informational risks.

Download Full-text

Analysis of the Impact of the GDPR on Third-Party Risk Management Programs and Related Recommendations for Domestic as Well as International Corporate World

Business and Management Studies ◽

10.11114/bms.v6i1.4683 ◽

2020 ◽

Vol 6 (1) ◽

pp. 1

Author(s):

Lucie Andreisová

Keyword(s):

Risk Management ◽

Personal Data ◽

Third Party ◽

General Data Protection Regulation ◽

Corporate World ◽

Management Processes ◽

Methodical Approach ◽

General Data ◽

The Impact ◽

Practical Recommendations

The General Data Protection Regulation (hereinafter also the “GDPR”) has imposed several new rules on organisations (business companies) to protect EU individuals’ personal data. Organisations that are data controllers or data processors need to have assurance that their third-party suppliers/vendors as well as sub-contractors comply with applicable GDPR requirements – in other words, they are now responsible for personal data managed by their third-parties. The question however remains, whether and how they are ready to manage this in their business practice? Compliance with the above indicated GDPR requirements comprises of a specific methodical approach that should be carefully integrated into the existing third-party risk management programs. The success of this integration builds on several crucial considerations. Before weighing those, it is important to understand how GDPR (Article 28 in particular) places new requirements on suppliers/vendors and affects the overall third-party relationships. Considering the above, this paper discusses the specific GDPR requirements which were enacted to strengthen companies’ third-party risk management processes and includes a set of practical recommendations on how to establish/amend such programs in the corporate world.

Download Full-text

Assessment of the Impact of General Data Protection Regulation on Enterprise Security in the Russian Federation

Voprosy kiberbezopasnosti ◽

10.21681/2311-3456-2020-04-66-75 ◽

2020 ◽

pp. 66-75

Author(s):

Ilya Livshitz ◽

Keyword(s):

Russian Federation ◽

Data Protection ◽

Personal Data ◽

Protection System ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

General Data ◽

The Russian Federation ◽

The Cost ◽

The Impact

Abstract The purpose of the study is to analyze the existing requirements for personal data security and assess the impact of these requirements on the enterprises security in the Russian Federation. Research method: the problem of ensuring the security of personal data in accordance with the requirements of the Federal law of the Russian Federation FZ-152 and the international General Data Protection Regulation is investigated. The article analyzes the possible risks of interrupting the normal activities of enterprises in the Russian Federation due to violations of these requirements for personal data protection and the imposition of significant fines by international regulators. Numerical relationships are estimated between the amount of fines for violations of established requirements, including General Data Protection Regulation, and the cost of creating an effectiveness personal data protection system. Estimates of the permissible degree of influence of the General Data Protection Regulation requirements on the enterprises security in the Russian Federation are obtained. Research result: a study and comparison of possible penalties for violation of compliance with the requirements of the Federal law of the Russian Federation FZ-152 and the international General Data Protection Regulation was performed. Risk assessments of sanctions for violation of the established requirements for personal data protection were obtained. The analysis of the cost of preparing a personal data protection system for compliance with the requirements of the General Data Protection Regulation was performed. Based on the data obtained, examples of calculating the degree of maturity of the security system are presented – based on the ratio of the share of the budget allocated for security in relation to the cost of creating an effectiveness personal data protection system and based on the ratio of the amount of the fine for violation of the established requirements. The importance of accounting for the costs of personal data security to ensure the security of enterprises in the Russian Federation, taking into account the requirements of the General Data Protection Regulation, is shown

Download Full-text

The Impact of the General Data Protection Regulation on Archives in Austria

Atlanti ◽

10.33700/2670-451x.28.2.123-130(2018) ◽

2018 ◽

Vol 28 (2) ◽

pp. 123-130

Author(s):

Elisabeth Schöggl-Ernst

Keyword(s):

Data Protection ◽

Personal Data ◽

General Data Protection Regulation ◽

General Data ◽

The Impact

The General Data Protection Regulation gets Austrian archival legislation and administration moving. Because of the General Data Protection Regulation, it is necessary to amend Austrian Archival Legislation. Before the General Data Protection Regulation came into force Archives as well as other administration departments had to list all processed personal data. The paper deals with different processed personal data, which had to be notified and with the problem that many administration bodies wanted to get rid of their records before the end of May. How private archives are affected and which measures they had to take the author will discuss in this paper.

Download Full-text

Selected Issues from the Dark Side of the General Data Protection Regulation

Review of Economic Perspectives ◽

10.2478/revecp-2018-0020 ◽

2018 ◽

Vol 18 (4) ◽

pp. 387-407 ◽

Cited By ~ 1

Author(s):

Eva Daniela Cvik ◽

Radka MacGregor Pelikánová ◽

Michal Malý

Keyword(s):

Negative Impact ◽

Personal Data ◽

Dark Side ◽

Primary Data ◽

General Data Protection Regulation ◽

Eu Member States ◽

General Data ◽

Negative Impacts ◽

The Impact ◽

The Eu

Abstract The Regulation (EU) 2016/679 on the protection of personal data (GDPR) was enacted in 2016 and applies from 25thMay 2018 in the entire EU. The GDPR is a product of an ambitious reform and represents a direct penetration of the EU law into the legal systems of the EU member states. The EU works on the enhancement of awareness about the GDPR and points out its bright side. However, the GDPR has its dark side as well, which will inevitably have a negative impact. Hence, the goal of this paper is twofold - (i) to scientifically identify, forecast, and analyze selected problematic aspects of the GDPR and its implementation, in particular for Czech municipalities, and (ii) to propose recommendations about how to reduce, or even avoid, their negative impacts. These theoretic analyses are projected to a Czech case study focusing on municipalities, which offers fresh primary data and allows a further refining of the proposed recommendations. An integral part of the performed analyses is also a theoretic forecast of expenses linked to the GDPR, which municipalities will have to include in their mandatory expenses and mid-term prognostic expectations regarding the impact on the budgets of these municipalities from Central Bohemia. The GDPR, like Charon, is at the crossing, the capacity and knowledge regarding its application is critical for operating in the EU in 2018. It is time both to admit that the GDPR has its dark side and to present real and practical recommendations about how to mitigate it.

Download Full-text

An Overview of Belgian Legislation Applicable to Biobank Research and Its Interplay with Data Protection Rules

GDPR and Biobanking - Law, Governance and Technology Series ◽

10.1007/978-3-030-49388-2_10 ◽

2021 ◽

pp. 187-213

Author(s):

Teodora Lalova ◽

Anastassia Negrouk ◽

Laurent Dollé ◽

Sofie Bekaert ◽

Annelies Debucquoy ◽

...

Keyword(s):

Data Protection ◽

Self Regulation ◽

Personal Data ◽

Legal Framework ◽

Presumed Consent ◽

General Data Protection Regulation ◽

Main Research ◽

Biobank Research ◽

General Data ◽

The Impact

AbstractThis contribution aims to present in a clear and concise manner the intricate legal framework for biobank research in Belgium. In Part 1, we describe the Belgian biobank infrastructure, with a focus on the concept of biobank. In Part 2, we provide an overview of the applicable legal framework, namely the Act of 19 December 2008 on Human Body Material (HBM), and its amendments. Attention is given to an essential piece of self-regulation, namely the Compendium on biobanks issued by the Federal Agency on Medicine Products and Health (FAMPH). Furthermore, we delineate the interplay with relevant data protection rules. Part 3 is dedicated to the main research oversight bodies in the field of biobanking. In Part 4, we provides several examples of the ‘law in context’. In particular, we discuss issues pertaining to presumed consent, processing of personal data associated with HBM, and information provided to the donor of HBM. Finally, Part 5 and 6 addresses the impact of the EU General Data Protection Regulation (GDPR), suggests lines for further research, and outline the future possibilities for biobanking in Belgium.

Download Full-text

Social media power for protest in Indonesia: The Yogyakarta’s #gejayanmemanggil case study

Jurnal Studi Komunikasi (Indonesian Journal of Communications Studies) ◽

10.25139/jsk.v4i3.2438 ◽

2020 ◽

Vol 4 (3) ◽

pp. 541

Author(s):

Ariza Fuadi

Keyword(s):

Social Media ◽

Digital Media ◽

Qualitative Method ◽

Online News ◽

The Public ◽

Media Technologies ◽

Media Power ◽

The Impact

Hashtag #GejayanMemanggil (Gejayan is Calling) became a trending topic on social media one day before the protest against several problematic laws, and the bills that were going to be passed. At that time, activists had successfully circulated the issues to the public through social media. As a result, at least 5000 protesters had joined in the protest in Yogyakarta. This phenomenon showed activeness of Indonesia’s civil society in the movement by involving digital media technologies. The author argued that social media allows the citizens, either communal or individual, to disseminate the issue and encourage others to join the protest in such short notice. This article aims to describe the role of social media and the impact of mobilisation through social media through the hashtag #GejayanMemanggil in the Yogyakarta movement. The qualitative method was employed to examine the phenomenon of the protests and to describe the role of social media. The data in this study was taken from online news, the official account of the movement, and blog posts. The results indicated that social media has the potential to trigger Indonesians to express their willingness and participate in activism.

Download Full-text

How Has the General Data Protection Regulation Changed the Routine of a Public Authority in Romania?

International Journal of Law and Public Administration ◽

10.11114/ijlpa.v3i1.4643 ◽

2020 ◽

Vol 3 (1) ◽

pp. 17

Author(s):

Kajcsa Andrea

Keyword(s):

Data Protection ◽

Personal Data ◽

Public Authorities ◽

General Data Protection Regulation ◽

General Data ◽

Data Portability ◽

The Right ◽

The Impact ◽

The Eu ◽

Public Bodies

The changes that have been brought about by the General Data Protection Regulation starting with May 2018 are complex and ambitious. The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years, and it introduces many concepts that are yet to be fully discovered in practice, such as the right to be forgotten, data portability and data breach notification. This paper intends to analyze the main obligations that public bodies, particularly, have after the GDPR has entered into force, and to evaluate the impact this legislative act has on the routine activities carried out by public authorities in Romania. To reach our goal, we will make reference to the obligations that are specific to public administration authorities as well as to those that public bodies are exempted from. We will also analyze the national legislative measures adopted in Romania after GDPR started to be in force, and the degree to which these have particularized the way public bodies are allowed and obliged to process personal data in Romania.

Download Full-text