“It may be a pain in the backside but...” Insights into the resilience of business after GDPR

G. Buckley, T. Caulfield, Ingolf Becker
Published in: Proceedings of the 2022 New Security Paradigms Workshop, 2022-10-24
DOI: 10.1145/3584318.3584320 (https://doi.org/10.1145/3584318.3584320)
Citations: 0

Abstract

The General Data Protection Regulation (GDPR) came into effect in May 2018 and is designed to safeguard European Union (EU) citizens’ data privacy. The benefits of the regulation to consumers’ rights and to regulators’ powers are well known. The benefits to regulated businesses are less obvious and under-researched. We conduct exploratory research into understanding the socio-technical impacts and resilience of business in the face of a major new disruptive regulation. In particular, we investigate if GDPR is all pain and no gain. Using semi-structured interviews, we survey 14 senior-level executives responsible for business, finance, marketing, compliance and technology drawn from six companies in the UK and Ireland. We find the threat of fines has focused the corporate mind and made business more privacy aware. Organisationally, it has created new power bases within companies to advocate GDPR. It has forced companies to modernise their platforms and indirectly benefited them with better risk management processes, information security infrastructure and up-to-date customer databases. Compliance, for some, is used as a reputational signal of trustworthiness. Many implementation challenges remain. New business development and intra-company communication are more constrained. Regulation has increased costs and internal bureaucracy. Grey areas remain due to a lack of case law. Disgruntled customers and ex-employees weaponise Subject Access Requests (SAR) as a tool of retaliation. All small and medium-sized businesses in our sample see GDPR as overkill and overwhelming. We conclude GDPR may be regarded as a pain by business but it has made it more careful with data. It created a short-term disruption that monopolised IT budgets in the run-up to GDPR and created a long-term disruption to company politics as Compliance and Information Security leverage the regulation for budget and control. The rising trend in the number of fines issued by national data protection regulators and the establishment of new case law will continue to reshape organisations.