UCL Discovery Stage
UCL home » Library Services » Electronic resources » UCL Discovery Stage

“It May Be a Pain in the Backside but...” Insights into the Resilience of Business after GDPR

Buckley, Gerard; Caulfield, Tristan; Becker, Ingolf; (2023) “It May Be a Pain in the Backside but...” Insights into the Resilience of Business after GDPR. In: New Security Paradigms Workshop (NSPW ’22). ACM: North Conway, NH, USA. (In press). Green open access

[thumbnail of buckley_it_2022.pdf]
Preview
Text
buckley_it_2022.pdf - Accepted Version

Download (560kB) | Preview

Abstract

The General Data Protection Regulation (GDPR) came into effect in May 2018 and is designed to safeguard European Union (EU) citizens’ data privacy. The benefits of the regulation to consumers’ rights and to regulators’ powers are well known. The benefits to regulated businesses are less obvious and under-researched. We conduct exploratory research into understanding the sociotechnical impacts and resilience of business in the face of a major new disruptive regulation. In particular, we investigate if GDPR is all pain and no gain. Using semi-structured interviews, we survey 14 senior-level executives responsible for business, finance, marketing, compliance and technology drawn from six companies in the UK and Ireland. We find the threat of fines has focused the corporate mind and made business more privacy aware. Organisationally, it has created new power bases within companies to advocate GDPR. It has forced companies to modernise their platforms and indirectly benefited them with better risk management processes, information security infrastructure and up to date customer databases. Compliance, for some, is used as a reputational signal of trustworthiness. Many implementation challenges remain. New business development and intra-company communication is more constrained. Regulation has increased costs and internal bureaucracy. Grey areas remain due to a lack of case law. Disgruntled customers and ex-employees weaponise Subject Access Requests (SAR) as a tool of retaliation. All small and medium-sized businesses in our sample see GDPR as overkill and overwhelming. We conclude GDPR may be regarded as a pain by business but it has made it more careful with data. It created a short-term disruption that monopolised IT budgets in the run-up to GDPR and created a long-term disruption to company politics as Compliance and Information Security leverage the regulation for budget and control. The rising trend in the number of fines issued by national data protection regulators and the establishment of new case law will continue to reshape organisations.

Type: Proceedings paper
Title: “It May Be a Pain in the Backside but...” Insights into the Resilience of Business after GDPR
Event: New Security Paradigms Workshop (NSPW ’22)
Location: North Conway, NH, USA
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/3584318.3584320
Publisher version: https://doi.org/10.1145/3584318.3584320
Language: English
Additional information: © The authors 2022 For the purpose of open access, the authors have applied a Creative Commons Attribution (CC BY) licence to this author’s accepted manuscript. The definitive version was published in: ACM ISBN 978-1-4503-9866-4/22/10 DOI: 10.1145/3584318.3584320
Keywords: GDPR, General Data Protection Regulation, GDPR Busi
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery-pp.ucl.ac.uk/id/eprint/10171462
Downloads since deposit
4,180Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item