The Impact of General Data Protection Regulation (GDPR) on Businesses. Case: Industrial News Service - INS Oy/Ab
Vuong, Tien (2019)
2019
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2019112522259
https://urn.fi/URN:NBN:fi:amk-2019112522259
Tiivistelmä
About over a year ago, the entry into force of the EU General Data Protection (GDPR) on May 25th was one of the biggest evolution of data privacy. Adopted by the European Union (EU) Member States, it replaced the Data Protection Directive (DPD) which had been applied for over a decade. Since the emerging of new technologies, the wide-spreading development of the internet and globalization, the implementation of the new Regulation is both necessary and imperative in order to secure the protection of personal data from being misused and harmonize the discrepancy of data protection laws in each Member State.
As a big step forward in the regulatory landscape of data privacy, GDPR had brought major changes to the way businesses used to operate, regardless of their industries. GDPR applies to all organizations that store or process EU citizens’ personal information, even if they do not have any business presence within the EU. Failure to comply with the GDPR requirements will result in stiff penalties and fines – up to €20 million or 4% of global revenue, whichever is greater.
The paper reviews a comprehensive information package on the GDPR and main changes that the new Regulation imposes. Based on that, the purpose of the thesis is to study the impacts of the GDPR on the business, in particular, SMEs in the B2B sector.
The thesis consists of theoretical and empirical parts. Database for the theoretical part co-vers comprehensive information on the background, and main changes of the GDPR to support a better understanding of the research. The empirical part, on the other hand, is set to determine whether these major changes brought by the new legislation can affect the business, which might lead to challenges or opportunities for organizations. The empirical part consists of two phases: a qualitative questionnaire and an interview. The questionnaires were sent to SMEs in B2B business located in the EU and non-EU countries. An interview with a case company on the subject was conducted to gain more insights.
The findings reveal many challenges that organizations have to overcome to ensure the GDPR compliance. On the other hand, there is also a possibility to embrace opportunities brought by the GDPR to gain competitive advantages and thrive in the new regulatory climate by building trust and reputation from the commitment to data protection as well as the GDPR. The research also finds out that the majority of the organizations assume the challenges outweigh the opportunities. Based on these findings and the interview result with the case company, more discussion and suggestions for the case company are given to achieve the GDPR compliance with less hindrance of these challenges and seize quickly the opportunities
As a big step forward in the regulatory landscape of data privacy, GDPR had brought major changes to the way businesses used to operate, regardless of their industries. GDPR applies to all organizations that store or process EU citizens’ personal information, even if they do not have any business presence within the EU. Failure to comply with the GDPR requirements will result in stiff penalties and fines – up to €20 million or 4% of global revenue, whichever is greater.
The paper reviews a comprehensive information package on the GDPR and main changes that the new Regulation imposes. Based on that, the purpose of the thesis is to study the impacts of the GDPR on the business, in particular, SMEs in the B2B sector.
The thesis consists of theoretical and empirical parts. Database for the theoretical part co-vers comprehensive information on the background, and main changes of the GDPR to support a better understanding of the research. The empirical part, on the other hand, is set to determine whether these major changes brought by the new legislation can affect the business, which might lead to challenges or opportunities for organizations. The empirical part consists of two phases: a qualitative questionnaire and an interview. The questionnaires were sent to SMEs in B2B business located in the EU and non-EU countries. An interview with a case company on the subject was conducted to gain more insights.
The findings reveal many challenges that organizations have to overcome to ensure the GDPR compliance. On the other hand, there is also a possibility to embrace opportunities brought by the GDPR to gain competitive advantages and thrive in the new regulatory climate by building trust and reputation from the commitment to data protection as well as the GDPR. The research also finds out that the majority of the organizations assume the challenges outweigh the opportunities. Based on these findings and the interview result with the case company, more discussion and suggestions for the case company are given to achieve the GDPR compliance with less hindrance of these challenges and seize quickly the opportunities