An analysis of violations and sanctions following the GDPR
Main author: | Presthus, Wanda |
---|---|
Publication date: | 2021 |
Other authors: | Sønslien, Kaja Felix |
Document type: | Article |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Full text: | https://doi.org/10.12821/ijispm090102 |
Abstract: | This paper investigates the violations and sanctions that have occurred following the implementation of the General Data Protection Regulation (GDPR). The GDPR came into effect in May 2018 with the aim of strengthening the information privacy of European Union/European Economic Area citizens. Based on existing taxonomies of (i) potential consequences of violating the GDPR (including surveillance, discrimination), (ii) an analysis of 277 sanctions, and (iii) interviews with experts, we offer a mapping of the violations and sanctions almost two years after the regulation was implemented. The most typical complaints were, in descending order: unlawful processing and disclosure of personal information, failure to act on and secure subject rights and personal information, and insufficient cooperation with supervising authorities. Our analysis also indicates an increasing number of fines over time. Regarding size, the fines range from 50,000,000 euros to (symbolic?) 90 euros. While research on GDPR violations and sanctions is somewhat scarce, our study mainly confirms existing findings: that the GDPR is complex and challenging. However, our study provides insight on some of the challenges. Our contribution is mainly practical and aimed at managers in any organization whose goal is to protect information privacy and to learn from the mistakes made by other companies. We also welcome more research on the topic. |
id |
RCAP_e44d1b12a8a093c4c98184615cba5fc2 |
---|---|
oai_identifier_str |
oai:journals.uminho.pt:article/3547 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
author |
Presthus, Wanda |
author2 |
Sønslien, Kaja Felix |
dc.subject.por.fl_str_mv |
privacy General Data Protection Regulation GDPR data management violations sanctions |
publishDate |
2021 |
dc.date.none.fl_str_mv |
2021-09-16 |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
format |
article |
status_str |
publishedVersion |
dc.relation.none.fl_str_mv |
https://revistas.uminho.pt/index.php/ijispm/article/view/3547 https://revistas.uminho.pt/index.php/ijispm/article/view/3547/3580 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
UMinho Editora |
publisher.none.fl_str_mv |
UMinho Editora |
dc.source.none.fl_str_mv |
International Journal of Information Systems and Project Management; Vol. 9 N.º 1 (2021); 38-53 International Journal of Information Systems and Project Management; Vol. 9 No. 1 (2021); 38-53 2182-7788 reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |