Abstract:
This paper deals with the topic of General Data Protection Regulation and its consequences for companies. Regulation defines new requirements that companies must meet by May 2018. These requirements changed the previous view on the management of personal data in organizations where some normative requirements became legally enforceable requirements. The circumstances of the adoption and requirements coming from new legislation are described as first while there is also outlined the relation with contemporal business administration approach and data protection management. On this basis, the readiness of businesses is evaluated by triangulation of more available studies and the main factors influencing the preparedness are also identified and analyzed. The final part is devoted to the process of GDPR implementation, consisting of carrying out the whole Data Protection Impact Assesment, as well as the mapping of data in organization.
Keywords: GDPR, data protection, DPIA, information management, risk analysis, compliance
DOI: 10.20472/IAC.2018.041.013
PDF: Download