Abstract: For years, data protection was viewed as an annoying task that companies »had to« say they were performing successfully, even though they did not lift a finger. In fact, they often overlooked or underfunded this task. With the advent of the EU General Data Protection Regulation (GDPR), all that changed. GDPR is one of the most wide-ranging pieces of EU legislation to date and carries such significant penalties that no company can afford to ignore it.
The GDPR broadens the term personal data and puts the user at the heart of data protection and privacy. Every EU resident now has the right to decide and manage how his or her personal data is collected, stored, used, protected, transferred and deleted. Under GDPR, users can opt out of sharing personal data, forbid its further processing, and request that all their data be sent to them in a readable form or be erased completely from the system.
GDPR compliance requires large enterprises to fully review their data collection, usage and security practices wherever substantial amounts of user data are involved. This requires them to create an efficient data governance framework, perform audits, employ specialized personnel, and organize staff training and professional development courses so that every team member has a clear understanding of the GDPR principles and requirements. As these companies take steps towards compliance, they will inevitably face challenges along the way.
We live in a digital era in which personal data is highly significant for companies, especially in industries driven by customer data (e.g. social media platforms). Because of the growing importance of personal data and its usage, awareness of data privacy is increasing among people. Good data privacy management is therefore highly relevant for both companies and customers.
We have divided our master's thesis into two parts, namely theoretical and practical. In the theoretical part, we focused on defining data privacy and data security, defining the new GDPR regulation and what changes it brings with it, what that means for large companies such as Facebook and Apple, and basically how ERP and CRM solutions are GDPR compliant. In the practical part, we have presented how the selected start-up company Databox has prepared for implementing the new regulation.