Are we there yet? Understanding the challenges faced in complying with the General Data Protection Regulation (GDPR)

08/22/2018
by Sean Sirur, et al.

The EU General Data Protection Regulation (GDPR), enforced from 25th May 2018, aims to reform how organisations view and control the personal data of private EU citizens. The scope of GDPR is somewhat unprecedented: it regulates every aspect of personal data handling, includes hefty potential penalties for non-compliance, and can prosecute any company in the world that processes EU citizens' data. In this paper, we look behind the scenes to investigate the real challenges faced by organisations in engaging with the GDPR. This considers issues in working with the regulation, the implementation process, and how compliance is verified. Our research approach relies on literature but, more importantly, draws on detailed interviews with several organisations. Key findings include the fact that large organisations generally found GDPR compliance to be reasonable and doable. The same was found for small-to-medium organisations (SMEs/SMBs) that were highly security-oriented. SMEs with less focus on data protection struggled to make what they felt was a satisfactory attempt at compliance. The main issues faced in their compliance attempts emerged from: the sheer breadth of the regulation; questions around how to enact the qualitative recommendations of the regulation; and the need to map out the entirety of their complex data networks.


