Running Head: THE IMPACT OF GDPR ON GLOBAL IT POLICIES 1
THE IMPACT OF GDPR ON GLOBAL IT POLICIES 3
THE IMPACT OF GDPR ON GLOBAL IT POLICIES
Abstract
The General Regulation of the EU on Data Protection (GDPR) provides essential safeguards in the field of privacy, which offer new challenges and potential opportunities for organizations worldwide. However, worldwide organizations must make GDPR compliance changes to minimize GDPR liability. This editorial preface discusses the benefits and threats of the effect of GDPR on global technology growth. We also speak about how China and the US, the two world economic giants, could respond more effectively to GDPR threats and possibilities.
Introduction
The GDPR, which became law on May 25, 2018, is a data protection law that establishes rules on the collection, storage, and management of data of persons living in the European Union (EU, 2016). This legislation applies to all individuals residing in the EU. To satisfy the new demands on privacy raised by digital technology advancement, the new law increases EU data protection. Although the GDPR also covers EU citizens, it has a global impact that impacts every EU business entity that provides services or keeps data regarding EU nationals, which are personally identifiable.
GDPR offers users with a broad degree of control to be overlooked, including the right to withdraw permission. In the same period, the information controllers and processors, including data protection, are required to record all their processing activities by the layout and by necessity. GDPR notes that businesses must seek the customer's permission for data collection and ' implementing successful technological and functional measures ' to protect personal data for EU citizens. (Kaushik et al. 2018).
In May 2018, the European Union adopted a General Data Protection Regulation, which drew a specific conclusion regarding the worlds most detailed and common law on data security, with substantial and unexpected consequences on multinationals. In the months before it began, both inside and outside of Europe, businesses failed to adhere. However, as many as 80% of the firms concerned were still short of this goal on the eve of enforcement.
A year on, businesses continue to work to achieve full conformity with their newly founded regulations. The government will be more confident. Data processing and the processing of complaints in most European countries have doubled, although businesses of all sizes develop violations and associated penalties practices and processes.
The non-conformity to GDPR was held accountable by organizations that process data belonging to EU citizens. GDPR offers a new obstacle, as well as potentially stricter security measures, protocols, and procedures to protect, handle and maintain your data and ensure compliance with GDPR, technology firms, and providers of cloud services, data centers, and advertisers. Afterward, we were probably subjected to s ...
Running Head THE IMPACT OF GDPR ON GLOBAL IT POLICIES1THE IMPA.docx
1. Running Head: THE IMPACT OF GDPR ON GLOBAL IT
POLICIES 1
THE IMPACT OF GDPR ON GLOBAL IT POLICIES 3
THE IMPACT OF GDPR ON GLOBAL IT POLICIES
Abstract
The General Regulation of the EU on Data Protection (GDPR)
provides essential safeguards in the field of privacy, which
offer new challenges and potential opportunities for
organizations worldwide. However, worldwide organizations
must make GDPR compliance changes to minimize GDPR
liability. This editorial preface discusses the benefits and
threats of the effect of GDPR on global technology growth. We
also speak about how China and the US, the two world
economic giants, could respond more effectively to GDPR
threats and possibilities.
Introduction
The GDPR, which became law on May 25, 2018, is a data
protection law that establishes rules on the collection, storage,
and management of data of persons living in the European
Union (EU, 2016). This legislation applies to all individuals
residing in the EU. To satisfy the new demands on privacy
raised by digital technology advancement, the new law
increases EU data protection. Although the GDPR also covers
2. EU citizens, it has a global impact that impacts every EU
business entity that provides services or keeps data regarding
EU nationals, which are personally identifiable.
GDPR offers users with a broad degree of control to be
overlooked, including the right to withdraw permission. In the
same period, the information controllers and processors,
including data protection, are required to record all their
processing activities by the layout and by necessity. GDPR
notes that businesses must seek the customer's permission for
data collection and ' implementing successful technological and
functional measures ' to protect personal data for EU citizens.
(Kaushik et al. 2018).
In May 2018, the European Union adopted a General Data
Protection Regulation, which drew a specific conclusion
regarding the worlds most detailed and common law on data
security, with substantial and unexpected consequences on
multinationals. In the months before it began, both inside and
outside of Europe, businesses failed to adhere. However, as
many as 80% of the firms concerned were still short of this goal
on the eve of enforcement.
A year on, businesses continue to work to achieve full
conformity with their newly founded regulations. The
government will be more confident. Data processing and the
processing of complaints in most European countries have
doubled, although businesses of all sizes develop violations and
associated penalties practices and processes.
The non-conformity to GDPR was held accountable by
organizations that process data belonging to EU citizens. GDPR
offers a new obstacle, as well as potentially stricter security
measures, protocols, and procedures to protect, handle and
maintain your data and ensure compliance with GDPR,
technology firms, and providers of cloud services, data centers,
and advertisers. Afterward, we were probably subjected to
substantial EU sanctions. GDPR identifies personal information
as anything to identify a person. That includes personal data
such as names, email addresses, social security numbers, IP
3. addresses, telephone numbers, place of birth, and other genetic,
economic, cultural, and social identification details. It includes
information. Large technology firms such as Google, Twitter,
and Amazon have revised their GDPR Conformity Compliance
Policies and Practices. By comparison with non-compliant,
GDPR-compliant organizations probably have a competitive
advantage.
The preface aims at addressing its impact on the global
development of technology, given the worldwide implications of
the GDPR. Given that numerous online and press articles
discuss GDPR's broad business impact, this essay focuses on
GDPR's challenges and opportunities in the US and China, both
the world's leading economic powers.
Impact on Technology Platforms
GDPR will have a significant effect on the software systems and
frameworks, now capturing, storing, and processing personal
data (Mackay, D. 2017). Because GDPR has high data
controller and processor specifications for managing personal
information, including development and automatic data
protection, which tracks all storage operations, organizations
will have to carry out a thorough internal evaluation of their
software infrastructure and data structure, including a variety of
information systems, applications, servers, data warehouse, and
data processing locations. Following an internal review,
organizations will likely have to conform to the GDPR's
implementation mechanisms and data layout. It should be
reengineered to minimize the risk of GDPR non-compliance, in
some instances, current structures or networks.
GDPR also allows organizations to provide EU nationals with
absolute privacy rights such as forgetfulness rights, access
rights to information, portability of data, and automated
decision-making clarification rights (Kaushik et al. 2018). If a
user wishes to find out what and for what purposes a company
collects personal data about him or her, the user can ask the
business to provide a timely response (Right to access data).
Thousands of customers are intrigued about the data handling
4. methods of big tech companies like Amazon and Alibaba, who
handle customer private information, sometimes they raise
requests for their personal data removal from the company
databases (the right to be forgotten).
There can be thousands of customer requests for how the
company uses its data daily by big firms such as Amazon and
Alibaba where the consumer does not object to the way the
company handles its data, the customer may allow the
corporation to remove personal data (the right to be forgotten).
UK and EU worker's businesses also need to collect personal
information about their employees, such as photographs, bank
details, tax and retirement reports, health records, CVs,
application forms, and pay and holiday approvals (Beacham, J
2018Is GDPR prepared for practice?).To answer the client's/
employees ' demand for the efficacy of the exposure or
elimination of personal data from the process, an organization
may involve modifying and reengineering the existing platforms
and systems. Throughout general, client and worker personal
data from all outlets should be established first, including
customer relationships, human resources management systems,
records, and files. Third, a comprehensive query method must
be put in place to identify and collect personal data across all
networks, frameworks, databases, and structures of software
(Mackay, D 2017). GDPR's technological effects –is your
device ready? The company is not able to guarantee that all
personal information concerning the client or employees is
adequate without a systematic search tool.
Organizers have a lot to do and spend on software systems
improvement, privacy policy improvement, advertising practices
change, data storage and process adjustment, etc., for them to
comply with the GDPR requirements. To American and Chinese
companies, the effect is especially significant because the USA
and China, both world’s two largest economies, have many EU-
companies. According to a study by PricewaterhouseCoopers,
between $1 billion and $10 million was projected to be invested
by 68 percent of American companies to meet GDPR criteria.
5. US companies generally ramp up Pulse Survey.
Data Protection Regulation (GDPR) Budgets. Such high costs
would ironically be passed on to consumers, weakening Chinese
and American firms ' competitive advantage. However, the
GDPR is a potential weapon of the European Commission to
warn non-EU companies, including Chinese and American
companies, of data protection problems and the prevention of
acquisitions and fusions.
Several Chinese and American companies agreed that GDPR
criteria should be fulfilled. Chinese TV giant Huawei, for
example, has appointed data protection officers after May 21,
2018, and YouTube has stopped supporting the distributed
advertising services to third parties throughout Europe. Sadly,
there's still something we don't like. The Chinese smart lighting
device maker, Yeelight, has confirmed that it is no longer
selling European consumer services, as is Facebook and its
WhatsApp and Instagram branches, as is Google, just a few
hours after its GDPR entry into effect. The reality that GDPR
heavily influences the market for foreign businesses in the EU
also reflects the condition.
Impact on Cybersecurity
The practical effects of GDPR are still established as companies
continue to comply with the regulations under the law. Last year
a nearly 500,000 companies licensed data protection officers,
and the different data security agencies in Europe have issued
more than 200,000 violation claims. DPAs have generated some
95 000 reports, with the numbers growing each month, that
show the increasing perception that the public knows their
privileges as GDPR information subjects.
While the last fines (over 20 million euros and 4 percent of the
world's annual turnover) have yet to be imposed, global
companies have been disciplined by GDPR for differing breach
rates totaling over 56 million euros. To date, the French
protection agency CNIL had taken the most significant action
when it discovered Google violating the rules on openness and
approval and fined the Web giant € 50 million. DPAs consider
6. this to be the end of broader, more costly compliance
initiatives.
The potential penalties under the guideline on data protection
inspire businesses of all sizes to enforce data protection laws
across regions and to take adequate measures to comply. As
well as the typical risk measurements, corporate leaders
consider the figure of their potential fines under GDPR now.
While some businesses outside Europe, in general, have
difficulty determining if their organizations are immune to
GDPR, others have robust protections in anticipation of
increased global competition. The payroll is mainly a
significant source of personal data, making data protection
capabilities of your payment services provider extremely
important.
GDPR should have implications on the cybersecurity policies
and practices of organizations, as it calls for businesses to
enforce effective data protection measures to protect private or
private data of users from loss of data and publication. Article 5
of the GDPR outlines some of the main requirements of
confidentiality and data protection, e.g., obtaining approval
from data processing participants, anonymizing data collected
for data protection purposes, including notices for breaches of
data, safe handling of cross-border data transfer, and allowing
all organizations to designate a data protection officer to
supervise GDPR enforcement. GDPR requires that, except for
specific incidents involving cyber-security breaches or privacy
misuse.
The information controller informs the supervising body
without unnecessary delay and, if appropriate, not less than 72
hours after notification. "And businesses must step up their
efforts to defend themselves against risks or breaches and
increasing GDPR responsibility. Increasing competition will
improve with GDPR for cyber-security experts and information
protection officers. To address the recent lack of expertise for
cybersecurity experts and data protection officers, all
government and engineering companies will be required to
7. engage in more cybersecurity training and education systems
(Withey, V. 2018). Impact of GDPR on the technology sector.
The high GDPR demand for personal data security gives
companies a new chance. Privacy and safety often come with
user confidence, which is one of the main problems in modern
business. Scandals surrounding the threat of personal data
protection and the way companies have misused or marketed
their consumer data in recent years have raised concerns over
the general public and have negatively affected consumer
confidence (Midha, V. (2012). The study of Capgemini suggests
that 39 percent of customers pay more if they feel that their data
is being covered by an entity (Institute for Analysis, Capgemini
2018). In other terms, increasing consumer confidence in
information privacy and safety can lead to increased revenue
and a competitive boost (Conroy et al. 2014). Protection in the
consumer product business for personal data. Chinese and
American companies must take advantage of this opportunity to
improve their data security capability, so they can not only
mitigate GDPR legal liability but also gain customers ' loyalty
and produce specific competitive advantages for those who do
not comply entirely with GDPR.
Impact on Emerging Technologies
We agree that the GDPR will have a significant impact on
emerging technology development. Enhances in efficiency and
productivity include emerging technologies such as artificial
intelligence, block chains, and cloud computing. Emerging
technologies are essential for commercial promotion and are one
of the countries ' most significant strategic forces. But it is
worth noting that these techniques provide value through high-
quality data and algorithms. Stricter data management and
retrieval laws are likely to hinder the design and use of new
technologies and ultimately increase the costs of developing
new technologies.
As for block chains, the information controller is complicated
for each node to define, and it is puzzling that it fulfills specific
responsibilities (Wallace et al. 2018). Additionally, as the
8. information from each node in the block chains influences
subsequent documents, block chain users will no longer enjoy
the performance, efficacy, and removal of data, as stated in
Articles 17 and 16 of the GDPR. As for block chains, the
information controller is hard to identify, and each node is hard
to comply with strict requirements (Wallace et al. 2018).
Furthermore, since block chain users were unable to withdraw
or amend information (as set out in Article 16 and 17 GDPR)
because the data of every node in the block chain impacts future
documents, block chain users are no longer able to exercise
efficacy or performance. In the field of cloud computing, GDPR
shall provide cloud platform operators with responsibilities that
will need to notify data subjects according to Articles 13 and 14
of all planned processing.
This will undoubtedly cause logistical problems and increase
the cost of managing a cloud platform because Cloud storage
performance is dependent on an optimum allocation of resources
that is dictated by current activities and is not fully defined
once information is obtained.
While many Chinese and American companies must comply
with the GDPR, European companies still have the most
significant impact on emerging technologies, mainly for EU
residential, personal data. If a significant technological change,
which appears not possible in the short term or in any other
way, cannot adequately overcome the constraints above by the
EU emerging technologies, development and implementation in
the Union will be significantly slowed down. Many other
sectors that are also significantly affected, including credit
cards, e-commerce, or smart production, are backed up by
emerging technologies. By comparison, advances and the use of
this new technology would make it more difficult for Chinese
and US firms than for EU businesses because they can produce
products better match their domestic consumers. Over the long
term, Chinese and US companies in emerging technologies can
create more competitive advantages than EU firms.
Recommendations
9. We agree that China and the US must aggressively react to these
opportunities and threats, considering the significant and
widespread effects of GDPR. Although many Chinese and
American companies do not strictly follow the GDPR, they
think that protecting the privilege is an essential requirement
for further development and a vital means of maintaining
competitive conditions. The following recommendations are
made in this editorial.
Focusing on Improving Privacy Protection Methods
China and the US must establish reliable and active modes of
data storage of new technologies to improve their ability to
protect personal data. It may concentrate on enhancing security
and privacy approaches to address the conflict between
openness and productivity, such as anonymization and
information extraction methods. Organizational behavior also
needs to be discussed and learned from both experience and
innovation. For example, how do they quantify and bridge the
gap that a company needs to traverse to comply with GDPR?
How can I measure GDPR value for an enterprise?? Fortunately,
the GDPR's assessment of data protection impact is an excellent
way to test new privacy protection technology.
If there is one aspect that is obvious after GDPR's first year,
there is a lot of talk about improvements to the global data
security and privacy laws for employees. With the
implementation and review of Data Management policies by
various new regions and countries, the GDPR will allow
employers to take account of a thorough examination and
assessment, whether it is influenced by EU law as a guideline.
Payroll managers need to be informed at each level of their
system of where, when, and how payroll information is handled,
as the contractor is eventually responsible for the security of the
data. Make sure that all data processing is certified in or out of
business complying with the requirements of the privacy
legislation of the company, and keep your responsibilities
informed. While we begin our path to data protection, it should
10. be remembered that non-compliance could lose a company
everything while compliance is costly.
Paying Attention to Trust Building
The central issue of individual rights to dictate when, how, and
through who their personal information will be used is the
hundreds of thousands of cases received by DPAs in the past
year. Enterprises have been informed about approval since the
end of GDPR planning, which indicates if necessary, when and
how to obtain permission. Yet for most organizations, support is
a difficult challenge.
The all-round banners requesting website visitors to establish
data preference were the precautions of their consent age and
continue to do so today because they regularly remind people of
how their data are being reasserted. Today businesses explore
the effects of that shift of command, know how to respond to
user preferences and what to do when people say no.
Requests submitted over the last year address several topics,
spanning from unequal procurement and unnecessary
advertising to exposure to and redemption-this is the previous
problem that companies face to check GDPR's scope. The
outcome of the persistent uncertainties is that companies must
give priority to the process of obtaining and keeping the consent
of individuals in each case of data use.
Regardless of the activity of an organization, GDPR rendered
each company a data controller because, for payroll purposes,
they gathered and retain worker information and personal
details. Employers who come under GDPR should comply not
only with the legislation but can also demonstrate their
compliance, whether they are processing their wage payroll or
exporting their global salary. To this end, businesses must
inform their employees how their data are used and maintain
their agreement to make use of them outside the required
compliance with a contract such as payroll, whatever the terms
of their use.
Growing customer trust could significantly reduce GDPR-
11. related concerns of businesses that have business and research
ties with the European Union. Also, showing users openness and
honest privacy is an effective way to improve their confidence
and reputation. Organizations worldwide should step up their
privacy risk management and data protection activities to
succeed in the EU market or be successful in the European
Union.
Conclusion
For future technological advances, GDPR will have a significant
impact. Those who can satisfy GDPR expectations, and those
who can't fail should excel in the end (Wright, T. (2017). The
GDPR's effect on communications and cybersecurity
technologies. While much debate is taking place about the
possible GDPR risks, we encourage companies to view GDPR as
a Strategic Chance in this data-driven environment to achieve a
competitive edge. Global technology businesses should step up
their efforts to ensure compliance with GDPR information,
procedures, products, and services. We invite researchers and
professionals to research and exchange perspectives on
questions related to GDPR compliance and enforcement.
In many crucial areas, the ability to help IS and IT. For
example, IS analysis that recommends systems, approaches, and
structures that satisfy GDPR's criteria for the revocation and
permanent removal of broad-based personal information?
(Patsakis, C et al. 2018). The costs to achieve compliance with
GDPR are measured, various factors impacting GDPR
enforcement are established, environment and local
circumstances are analyzed, and GDPR is evaluated on
procedures and its results. The value of achieving compliance is
calculated.
The operator determines the function and means of accessing
personal data. A computer is liable for processing personal data
on behalf of a database. As an example, the GDPR places
specific legal criteria on you when you are a database. You
must keep records and retain procedures as personal data. You
have legal liability if you are liable for a violation. However, if
12. you are a processor, you are not relieved from your obligations
– the GDPR places additional requirements on your company to
guarantee that your contracts with manufacturers are GDPR
compliant.
Snow's study examined the response of the citizen to the data
protection law and its influence on web use last year, in
addition to its effects on companies. What the officials noticed
was that citizens were slightly upset by the improvement in data
protection, but still thought it needed further security measures.
Seventy-four percent of the world's respondents reported that
pop-ups and opt-ins had risen to seek permission to use personal
details. Such documents will usually warn consumers that their'
cookies' are used for research, personalized material, and
advertising possibilities.
Since the posts have become more popular on the internet, 19%
said that the applications had "negative effects on your
performance," while 32% said that they had been steadily
disrupted. Around 49% of respondents said that the volume of
spam they get has either risen or not modified independently of
the GDPR rules.
While the GDPR protection law is annoying, 74% of
respondents said they thought that more protections were
required for the technology industry. 24% of respondents said
they were feeling vulnerable, 19% said they were nervous, and
29% said they were hopeful for the state of technology.
References
Beacham, J. (2018). Is your practice GDPR ready? In Practice,
40(3), 124–125. [Web of Science ®]
Capgemini Research Institute. (2018). seizing the GDPR
Advantage: From mandate to high-value opportunity. Retrieved
from https://www.capgemini.com/wp-
content/uploads/2018/05/GDPR-Report_Digital.pdf
Conroy, P., Narula, A., Milano, F.,
& Singhal, R. (2014). Building consumer trust - Protecting
13. personal data in the consumer product
industry. Retrieved December 21, 2018,
from https://www2.deloitte.com/insights/us/en/topics/risk-
management/consumer-data-privacy-strategies.html
European Union. (2016) Global data protection regulation. Off J
Eur Union 49: L119. Retrieved from https://gdpr-info.eu
Kaushik, S., & Wang, Y. (2018, December 20). Data privacy:
Demystifying the GDPR. Retrieved
from https://ischool.syr.edu/infospace/2018/05/25/data-privacy-
demystifying-gdpr/
Mackay, D. (2017). The impact of GDPR from a technology
perspective – is your platform ready? Retrieved December 20,
2018, from https://www.ness.com/11101-2/
Midha, V. (2012). Impact of consumer empowerment on online
trust: An examination across genders. Decision Support
Systems, 54(1), 198–205. doi:10.1016/j.dss.2012.05.005
[Crossref], [Web of Science ®]
Politou, E., Alepis, E., & Patsakis, C. (2018). Forgetting
personal data and revoking consent under the GDPR: Challenges
and proposed solutions. Journal of Cybersecurity, 4(1), tyy001.
doi:10.1093/cybsec/tyy001
[Crossref], [Web of Science ®]
PwC. (2017). Pulse survey: US companies ramping up the
General Data Protection Regulation (GDPR) budgets. Retrieved
from
https://www.pwc.com/us/en/services/consulting/library/gdpr-
readiness.html
Wallace, N., & Castro, D. (2018). The impact of the EU’s new
data protection regulation on AI. Retrieved
from https://www.datainnovation.org/2018/03/the-impact-of-
the-eus-new-data-protection-regulation-on-ai/
Withey, V. (2018, December 20). The impact of GDPR on the
technology sector. Retrieved
from https://gdpr.report/news/2018/03/19/the-impact-of-gdpr-
on-the-technology-sector/
Wright, T. (2017). The impact of GDPR on marketing
14. technology and cybersecurity. Retrieved December 22, 2018,
from https://martechtoday.com/impact-gdpr-marketing-
technology-cybersecurity-201635
Retrieved from:
https://www.dlapiper.com/en/europe/insights/publications/2019/
02/data-privacy-law-2018-2019/ on 26/10/2019.