Q2. What have the authors stated for future works in "Eu general data protection regulation: changes and implications for personal data collecting companies" ?
However, personal data collection technologies and the ways to utilise the data can be expected to further develop in the future. To understand how companies are adapting to changes in legislation, implementing its new requirements and addressing related challenges, future empirical studies should be conducted among personal data intensive companies. Through empirical research of this kind, the means for implementing the changes and the appropriate concrete solutions can be followed and analysed, along with how field-specific data usage and management practices are formulated in companies.
Q3. Why is the EU at a disadvantage in the global competition with other countries?
Due to the inadequate harmonisation, Europe remains at a disadvantage in the global competition with other countries, such as the US and China (Dix, 2013).
Q4. What are the benefits of information systems of this kind?
Information systems of this kind may be beneficial specifically to SMEs because their usage can decrease the administrative costs associated with providing access to personal data.
Q5. What is the obligation of the controller and the processor to protect personal data?
Following an evaluation of the privacy risks, the controller and the processor must take the necessary measures to protect personal data against accidental or unlawful destruction or accidental loss and to prevent any unlawful forms of processing, particularly any unauthorised disclosure, dissemination or access, or alteration of personal data.
Q6. What are the new conditions for personal data transfers?
GDPR Articles 44–49 Corresponding articles in DIR95: Principles (Article 25) and derogations (Article 26) New conditions for personal data transfers: BCRs, approved code of conduct and approved certification mechanism are new means of appropriate safeguards for personal datatransfers to third countries or international organisations.
Q7. What is the obligation of the controller and the processor to notify the supervisory authority of a?
Under the GDPR, the controller or the processor is required to consult the supervisory authority prior to the processing only if the data protection impact assessment shows high privacy risks (Article 36).
Q8. What are the bodies, organisations or associations that may lodge a complaint on behalf of the data?
The bodies, organisations or associations that may lodge a complaint on behalf of the data subjects, aiming to protect the data subjects’ rights and interests, are also specified in the GDPR.
Q9. What is the right of the data subject to be forgotten?
GDPR Articles 16–20 Corresponding article in DIR95: Right of access (Article 12b–c) Data subject’s specified rights to rectification, erasure and restriction of processing of personal data: the conditions of the data subject’s right to be forgotten, the conditions ofthe data subject’s right to restriction of processing Data subject’s new right: data portability from one system to another