Evaluating the Impact of the GDPR’s Data Subject Rights on Businesses
Date
2021-05-03
Authors
Journal Title
Journal ISSN
Volume Title
Repository Usage Stats
views
downloads
Abstract
In 2018, the European Union passed data governance legislation known as the General Data Protection Regulation (GDPR). The US lacks an equivalent policy, but many experts agree that the passage of a comprehensive privacy law is imminent. Existing literature suggests that the GDPR’s data subject rights contained in Articles 15 and 16 (the right to access and rectify personal data) are the most difficult for businesses to comply with. This research paper looks specifically at whether compliance challenges associated with Articles 15 and 16 of the GDPR differ by business size and sector. The findings reveal that small and mid-size enterprises are less likely to acknowledge Articles 15 and 16 of the GDPR within their privacy policy, less likely to clearly explain how consumers can access or rectify their data, and less likely to hire and retain dedicated privacy staff. Despite these disparities, small and mid-size enterprises fulfilled data access and rectification requests at roughly the same rate as large enterprises.
Type
Department
Description
Provenance
Subjects
Citation
Permalink
Citation
Thibault, Jaymi (2021). Evaluating the Impact of the GDPR’s Data Subject Rights on Businesses. Master's project, Duke University. Retrieved from https://hdl.handle.net/10161/22747.
Collections
Dukes student scholarship is made available to the public using a Creative Commons Attribution / Non-commercial / No derivative (CC-BY-NC-ND) license.