This Thesis focuses on the implications of the GDPR on modern business environments – the organization as well as the products. Here, the scope of the thesis is determined by the connected Management Project and thusly focuses on the establishment of data protection as part of the business service portfolio of the author’s former employer. The following thesis will demonstrate the findings of the Management Project in a bottom-up structure – starting with the foundation of data protection management, analyzing product or service development and organizational change, and finally building up to Strategy Development.
Within the current business as well as administrative environment on date is currently being dreaded more than any other date: the 25th of May 2018. On this date the General Data Protection Directive (GDPR) is entering into force, bringing with its applicability various implications for business models and operations alike. Thus, the topic of data protection became a crucial factor for business, public reception and security.
Since the Snowden incident, the Safe Harbor Ruling of the European Court of Justice and ultimately the introduction of the GDPR the potential for threat scenarios increased significantly and now requires responsive actions on the respective management level. While the importance of data protections is now an omnipresent and a commonly known issue, it is still a rather neglected topic. It often bears the stigma of nuisance and implies costly implementation of measures and processes.
Nonetheless, businesses and governmental agencies have to adhere to data protection regulations, the demands of the digitalization and social pressure. Therefore, the compliance with Data Protection Law both in organizational operations and product/service development has incrementally gained a more essential role within company’s and administration’s structures during the last years. This is especially true for transnational contexts. Here, Data Protection Management encompasses privacy compliance and organizational privacy management as part of the information security risk management as well. Essentially the objective and responsibility of Data Protection Management is based in a complex legal framework and builds up to interconnected business models and organizational structures.
Inhaltsverzeichnis (Table of Contents)
- 1. Introduction
- Structure of the Thesis
- Research Question
- 2. Foundations of Data Protection – Protecting and securing data
- 2.1 Origin of Data Protection
- 2.2 Approaches to Data Protection
- 2.2.1 Comprehensive Laws
- 2.2.2 Sectoral Laws
- 2.2.3 Self-Regulation
- 2.2.4 Regulation through technology
- 2.3 Implication for Businesses: legal certainty or maneuverability
- 2.4 Data Protection in the European Union
- 2.4.1 European Data Protection Framework
- 2.4.4 European Data Protection Directive
- 2.4.5 General Data Protection Regulation
- 2.6 Practical Application: Data Driven Business implies Data Protection
- 2.7 Implication for Businesses: Transnational applicability and comprehensive framework of requirements
- 3. The economic relevance of Data Protection
- 3.1 Market analysis
- 3.1.1 Sociological Variables
- 3.1.2 Technological Variables
- 3.1.3 Economic Variables
- 3.1.4 Political and Legal Variables
- 3.2 Business Environment - Porter's Five Forces
- 3.2.1 Barriers to Entry
- 3.2.2 Bargaining Power of Buyers
- 3.2.3 Bargaining Power of Suppliers
- 3.2.4 Industry Competitors
- 3.2.5 Threat of Substitute Products
- 3.3 Economics of Cybercrime
- 3.4 Influential market developments
- 3.4.1 Digitalization and hyper-connectivity
- 3.4.2 Digitalization as a Management Issue
- 3.4.3 Big Data and Data Analytics
- 3.5 Practical Application: International transfer of personal identifiable data as foundation for business cases
- 3.6 Implication for Businesses: Compliance with legal standards can be a unique selling point
- 4. Product or Service Development
- 4.1 Legal Grounds for processing and transfer
- 4.1.1 Personal Data
- 4.1.2 Controller
- 4.1.3 Processor
- 4.1.4 Lawful Processing of Personal Data
- 4.1.5 Offering goods or services
- 4.2 Processes of Data Protection Management
- 4.2.1 Risk based approach
- 4.2.2 Data Protection Officer
- 4.2.3 Accountability, Documentation and Actualization
- 4.2.4 Transparency
- 4.3 Practical Application: Data Flow Mapping
- 4.4 Implication for Businesses: Comprehensive framework of requirements
- 5. Organizational Change
- 5.1 Organizational Dynamics
- 5.2 Organizational culture and barriers
- 5.3 Practical Application: Data Driven Organizations
- 5.5 Implication for Businesses: Transformational leadership in Data Protection
- 6. Strategy Development
- 6.1 International influence: Globalization
- 6.2 Potentials in a globalized world: digitalization, hyper-connectivity, and cyber-crime
- 6.3 Legal Framework for globalized activities in data driven business models
- 6.3.1 GDPR and Rome I and II Regulations
- 6.3.2 GDPR and Brussels I
- 6.5 Market Place Principle - development of strategies in a globalized data market
- 6.5.1 International Strategy
- 6.5.2 Localized or Multi-Domestic Strategy
- 6.5.3 Global (Standardization) Strategy
- 6.5.4 Transnational Strategy
- 6.5.5 Localization as an indicator for maturity
- 6.6 Practical Application: strategy Development
- 6.6.1 XY Strategy Development
- 6.6.2 Potential Markets
- 6.6.3 XY's strategic outlook
- 6.7 Implication for Businesses: Worldwide application of the GDPR
Zielsetzung und Themenschwerpunkte (Objectives and Key Themes)
This Master Thesis aims to analyze the impact of Data Protection Management on organizations, business cases, and leadership in a data-driven environment. It explores the evolving legal framework of data protection, particularly focusing on the General Data Protection Regulation (GDPR) and its implications for businesses operating in a globalized market.
- The evolution of data protection regulations and their impact on businesses.
- The economic relevance of data protection and its influence on market dynamics.
- The development of data protection management processes and their integration into organizational change.
- The formulation of strategic approaches to data protection in a globalized context.
- The role of leadership in navigating the complexities of data protection in a data-driven environment.
Zusammenfassung der Kapitel (Chapter Summaries)
The thesis begins by exploring the historical development and current approaches to data protection, examining the role of comprehensive laws, sectoral laws, self-regulation, and technology in shaping the landscape. It then focuses on the European Union's data protection framework, including the GDPR, analyzing its impact on businesses and the implications for transnational applicability.
The second chapter examines the economic relevance of data protection by analyzing market trends, including Porter's Five Forces and the influence of digitalization, hyper-connectivity, and big data. It explores the impact of cybercrime on the business environment and investigates the potential for compliance with legal standards to serve as a unique selling point.
The third chapter delves into product or service development, focusing on the legal grounds for processing and transferring personal data, the roles of controller and processor, and the principles of lawful processing. It outlines the processes of data protection management, including risk-based approaches, the role of the Data Protection Officer, and the importance of accountability, documentation, and transparency.
Chapter four investigates the organizational dynamics and cultural implications of data protection management, examining potential barriers and highlighting the importance of data-driven organizations. It explores the role of transformational leadership in driving organizational change towards a data protection-centric approach.
The final chapter explores the development of strategies for data protection in a globalized context, considering the international influences of globalization, the potential of digitalization and hyper-connectivity, and the legal framework for globalized activities. It analyzes different strategic approaches, such as international, localized, global, transnational, and localization strategies, and examines the implications of the GDPR's worldwide application.
Schlüsselwörter (Keywords)
This Master Thesis focuses on the intersection of data protection, organizational change, and global business strategy in a data-driven environment. Key terms and concepts include: Data Protection Management, GDPR, digitalization, hyper-connectivity, cybercrime, business case development, organizational culture, transformational leadership, global business strategy, and the market place principle.
- Quote paper
- Jan Alexander Linxweiler (Author), 2018, Working in a Data (Protection) Driven Environment, Munich, GRIN Verlag, https://www.grin.com/document/988697
