期刊论文详细信息
International Journal of Information Systems and Project Management
An analysis of violations and sanctions following the GDPR
Wanda Presthus1  Kaja Felix Sønslien2 
[1] Kristiania University College;Sopra Steria;
关键词: privacy;    General Data Protection Regulation;    GDPR;    data management;    violations;    sanctions;   
DOI  :  
来源: DOAJ
【 摘 要 】

This paper investigates the violations and sanctions that have occurred following the implementation of the General Data Protection Regulation (GDPR). The GDPR came into effect in May 2018 with the aim of strengthening the information privacy of European Union/European Economic Area citizens. Based on existing taxonomies of (i) potential consequences of violating the GDPR (including surveillance, discrimination), (ii) an analysis of 277 sanctions, and (iii) interviews with experts, we offer a mapping of the violations and sanctions almost two years after the regulation was implemented. The most typical complaints were, in descending order: unlawful processing and disclosure of personal information, failure to act on and secure subject rights and personal information, and insufficient cooperation with supervising authorities. Our analysis also indicates an increasing number of fines over time. Regarding size, the fines range from 50,000,000 euros to (symbolic?) 90 euros. While research on GDPR violations and sanctions is somewhat scarce, our study mainly confirms existing findings: that the GDPR is complex and challenging. However, our study provides insight on some of the challenges. Our contribution is mainly practical and aimed at managers in any organization whose goal is to protect information privacy and to learn from the mistakes made by other companies. We also welcome more research on the topic.

【 授权许可】

Unknown   

  文献评价指标  
  下载次数:0次 浏览次数:0次