Working in a Data (Protection) Driven Environment (eBook)

Master's Thesis from the year 2018 in the subject Law - Data protection, grade: 1,3, Steinbeis University Berlin (SIBE), language: English, abstract: This Thesis focuses on the implications of the GDPR on modern business environments – the organization as well as the products. Here, the scope of the thesis is determined by the connected Management Project and thusly focuses on the establishment of data protection as part of the business service portfolio of the author’s former employer. The following thesis will demonstrate the findings of the Management Project in a bottom-up structure – starting with the foundation of data protection management, analyzing product or service development and organizational change, and finally building up to Strategy Development.

Within the current business as well as administrative environment on date is currently being dreaded more than any other date: the 25th of May 2018. On this date the General Data Protection Directive (GDPR) is entering into force, bringing with its applicability various implications for business models and operations alike. Thus, the topic of data protection became a crucial factor for business, public reception and security.

Since the Snowden incident, the Safe Harbor Ruling of the European Court of Justice and ultimately the introduction of the GDPR the potential for threat scenarios increased significantly and now requires responsive actions on the respective management level. While the importance of data protections is now an omnipresent and a commonly known issue, it is still a rather neglected topic. It often bears the stigma of nuisance and implies costly implementation of measures and processes.
Nonetheless, businesses and governmental agencies have to adhere to data protection regulations, the demands of the digitalization and social pressure. Therefore, the compliance with Data Protection Law both in organizational operations and product/service development has incrementally gained a more essential role within company’s and administration’s structures during the last years. This is especially true for transnational contexts. Here, Data Protection Management encompasses privacy compliance and organizational privacy management as part of the information security risk management as well. Essentially the objective and responsibility of Data Protection Management is based in a complex legal framework and builds up to interconnected business models and organizational structures.