• Title/Summary/Keyword: GDPR

Search Result 39, Processing Time 0.031 seconds

The Effects of GDPR on the Digital Economy: Evidence from the Literature (GDPR이 디지털 경제에 미치는 영향: 문헌 자료에 근거하여)

  • Prasad, Aryamala;Perez, Daniel R.
    • Informatization Policy
    • /
    • v.27 no.3
    • /
    • pp.3-18
    • /
    • 2020
  • In the growing digitalized world, the European Union implemented the General Data Protection Regulation(GDPR) to establish a comprehensive data protection framework across member states. Given the constitutional roots of GDPR, the EU's regulatory approach is different than other data protection regimes. The new regulation has strengthened individual rights to data protection, but it also introduced several obligations for businesses that collect and process personal data. We review the existing literature on privacy, particularly GDPR, from a policy perspective. The evidence outlines data regulation's effects on competition, innovation, marketing activities, and cross-border data flows. The discussion highlights the tradeoffs between increased regulation of data protection and its effects on the market.

An Exploratory Study on the impact of EU Adequacy Decision on GDPR compliant companies (EU 적정성 결정이 GDPR 대상기업에 미치는 영향에 관한 탐색적 연구)

  • Kim, YoungSoo;Chang, Hangbae
    • Journal of Platform Technology
    • /
    • v.9 no.4
    • /
    • pp.32-41
    • /
    • 2021
  • The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, Step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer. To explore the benefits and expected effects of determining appropriateness at the government level. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact, However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.

A Study on the Liberalization of Digital Trade and Trade Restrictiveness Factors of Data Privacy : Focusing on EU GDPR (디지털무역 자유화와 개인정보보호의 무역 제한적 요소에 대한 연구 : EU GDPR을 중심으로)

  • Ki-Hooon Woo;Sung-Shik Shin
    • Korea Trade Review
    • /
    • v.45 no.3
    • /
    • pp.71-89
    • /
    • 2020
  • This study was carried out to identify the impact of EU GDPR on international trade amid the ongoing digital trade liberalization. To do this, we first looked at the current trend of digital trade liberalization, the role of data in it, and the trade-restrictive elements of EU GDPR. This allowed us to identify the negative impact of GDPR on free trade. It then conducted an interview survey on Korean companies operating in the EU to verify the conclusions reached. The result of this survey showed that the level of GDPR risk perceived by Korean firms was very low compared with those of American, Japanese and Chinese firms. In particular, the impact of GDPR is not clear for Korea's SMEs. It can be assumed that the reason for this is that Korean SMEs are not using data as a major business tool while the capability of SMEs is sufficient to cope with GDPR. In this regard, the government's appropriate policies and further research for SMEs are needed.

A Comparative Analysis of EU GDPR with Privacy Laws in South Korea (EU GDPR과 국내 개인정보보호 법제 비교분석)

  • Kim, Sung Hyun;Lee, Chang Moo
    • Convergence Security Journal
    • /
    • v.18 no.5_1
    • /
    • pp.83-92
    • /
    • 2018
  • The GDPR implemented since 25 May 2018 is common to all EU Member States and is legally binding. It is also important and legally valuable in that it takes into account the latest trends related to privacy protection. The purpose of this study is to propose a comprehensive review and improvement direction of the personal information protection laws in South Korea through a comparative analysis of EU GDPR and privacy related laws in South Korea. As a result of this study, the differences between the GDPR and privacy related laws in South Korea are Definition of personal sensitive information, Right to data portability, Data protection officer, Transfers of personal data to third countries, Supervisory authority, and Punishment, etc. The differences in these regulations were necessary to protect the rights and interests of data subjects and to properly handle personal information of personal information controllers. Therefore, based on the results of the comparative analysis of this study and suggestions on improvement direction of the law related to personal information protection, it is expected that it will contribute to the overall inspection and improvement of the law related to personal information protection in South Korea.

  • PDF

A Study on the Methods for Ensuring the Transparency of the Privacy Policies in Android Environment: Based on General Data Protection Regulation (안드로이드 환경에서 개인정보 처리방침의 투명성 확보방안에 관한 연구: GDPR을 기반으로)

  • Paek, Inju;Oh, Junhyoung;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.6
    • /
    • pp.1477-1489
    • /
    • 2019
  • In this study, we analyzed the privacy policies of 50 Android applications that are on the top chart in EU members to present the methods for enhancing transparency based on GDPR (General Data Protection Regulation). Based on the guidelines in relation to transparency stipulated in WP29, this study extracted factors of transparency in order to ensure transparency of privacy data processing and carried out the verification procedures for each factor. The results revealed that the privacy policies provided in Google Play Store and applications need to be matched, the descriptions of the privacy policies need to be written in clear and plain language for readers to understand easily. and that it is necessary to provide information quickly and improve the descriptions of information which the data controller discloses. The research findings of this study could be used as a preliminary data for proactive responses to the EU's GDPR by substantially complying with the transparency of GDPR.

A Linkage Analysis of ISMS-P and GDPR; Focused on Personal Information Protection (ISMS-P와 GDPR의 개인정보보호 부문 연계 분석)

  • Park, Minjung;Yu, Jieun;Chai, Sangmi
    • Journal of Information Technology Services
    • /
    • v.18 no.2
    • /
    • pp.55-73
    • /
    • 2019
  • The importance of the personal information has been increased, there have been a lot of efforts to establish a new policy, certification or law for administrating personal information more effectively and safely. Korean government has operated ISMS and PIMS certification system to assess whether an organization has established and managed appropriate information security system or not. However, it has been addressed the needs for revising and modifying of PIMS and ISMS. It is evaluated there are a few overlapped criteria to assess information management system in both ISMS and PIMS. ISMS-P certification, combining with ISMS and PIMS, is, finally, suggested, in the recent. GDPR is established having an aim of primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This study compares GDPR and ISMS-P, focusing on "personal information". It can be expected to contribute as followings. This study can be a criterion for self-evaluation of possibility to violate of GDPR of a firm in preparation for ISMS-P. Second, this study also aims to increase the understanding of the role of ISMS-P and GDPR, among various certifications with the purpose of assessment of the information security management system, by reducing the costs required to obtain the unnecessary certification and alleviating the burden. Third, it contributes to diffusion of ISMS-P newly implemented in Korea.

GDPR Compliant Consent Procedure for Personal Information Collection in the IoT Environment (IoT 환경에서 GDPR에 부합하는 개인정보수집 동의 절차)

  • Lee, Goo Yeon;Bang, Junil;Cha, Kyung Jin;Kim, Hwa Jong
    • The Journal of Korean Institute of Information Technology
    • /
    • v.17 no.5
    • /
    • pp.129-136
    • /
    • 2019
  • Many IoT devices like sensors lack screen and input devices, thus making them hard to meet the consent conditions that GDPR requires. This is acting as a legal barrier for further advancement in the business field. In this paper, we designed the process for consent of personal information collection that meets the legal conditions. In this design, user's personal data is received in an encrypted form by data collecting server first. The encrypted personal data can be decrypted after associating with user agent based on the consent procedure of the collection of personal information. During the consent procedure, user agent understands the privacy policy about personal information collection and offers the key to decrypt the data. This kind of personal information collection agreement procedure will satisfy the transparent and freely given consent requirements of GDPR. Thus, we can speculate from here that the proposed procedure will contribute to the evolution of IoT business area dealing with personal information.

GDPR Compliant Blockchain Based Access Control(GCBAC) (GDPR 준수 가능한 블록체인 기반 접근제어 시스템)

  • Lim, Joon Ho;Chun, Ji Young;Noh, Geontae;Jeong, Ik Rae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.981-997
    • /
    • 2020
  • Blockchain technology can provide a high level security based on a decentralized distributed ledger and consensus-based structure. In order to increase the utilization of blockchain technology, it is necessary to find a way to use it in fields that require personal data processing such as health care and e-commerce. To achieve this goal, the blockchain based system should be able to comply with data privacy regulations represented by European Union(EU)'s GDPR(General Data Protection Regulation). However, because of the properties of the blockchain like the immutability and decentralized recorded data, it is difficult to technically implement the requirements of the existing privacy regulations on the blockchain. In this paper, we propose a multi-chain based access control system that can guarantee the rights of the personal data subject required by GDPR by utilizing Chameleon Hash and Attribute Based Encryption (ABE). Finally, we will show through security analysis that our system can handle personal data while maintaining confidentiality and integrity.

Study on video information regulation and VPIC compliance issues in GDPR

  • Ryu, Ki-Il;Cho, Young-Im
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.6
    • /
    • pp.41-48
    • /
    • 2017
  • All the personal information controllers or processors collecting, processing and storing personal information through the entry into force of the EU GDPR (General Data Protection Regulation) are required to provide the basic principle of privacy by design at all stages of developing products or services throughout the organization, And to ensure that the basic rights of the subject of personal information are protected and that internal control techniques are provided to prevent any abuse or leakage. We will review the regulations and countermeasures required by the GDPR for video information with serious privacy problems, and propose a solution.

Legal Issues of Blockchain in Personal Information Protection : Based on GDPR and Personal Information Protection Act (개인정보보호법제 관점에서 본 블록체인의 법적 쟁점 GDPR 및 국내 개인정보보호법을 바탕으로)

  • Park, Minjung;Chai, Sangmi;Lee, Myoung Jun
    • Journal of Information Technology Applications and Management
    • /
    • v.25 no.2
    • /
    • pp.133-146
    • /
    • 2018
  • The technical definition of Blockchain is commonly known 'distributed ledger', however, there is no legal definition for being accepted in worldwide. Therefore, unless legal definitions and concepts of Blockchain are presented, there is a possibility that various legal disputes will occur in the future in Blockchain environment. The purpose of this study is to derive legal issues related to personal information protection that can be conflicted in Blockchain environment based on domestic Privacy Act and GDPR. The outcomes of this study can prevent various legal disputes and provide solutions that may occur due to the spread of Blockchain. It also suggests the foundation for the improvement of Privacy Act. Finally, it contributes to activate of Blockchain, industry, in Korea.