Lobato Cervantes, V. E. (2024) Data protection by design and by default: a novel business compliance framework for effective adherence to EU General Data Protection Regulation (GDPR). PhD thesis, University of Reading. doi: 10.48683/1926.00116933
Abstract/Summary
The General Data Protection Regulation (GDPR) was introduced to safeguard the privacy and personal data of individuals within the European Union. Despite the legislators' best intentions, organisations have encountered significant challenges in adhering to its requirements, which can sometimes amount to a "command that cannot be obeyed." An area that remains underexplored in the existing literature is Data Protection by Design and by Default (PbDD), which requires organisations to implement appropriate technical and organisational measures so that data protection is integrated into their operations. Problems of GDPR applicability arise from the Regulation's lack of certainty, its complexity and the cost of implementation, as well as from constraints related to storage limitation and technological compatibility. My thesis proposes a novel strategy for implementing PbDD that places emphasis on the principles of data protection and on individuals' rights. By adopting this approach, organisations are expected to mitigate many of the risks associated with processing personal data, in line with the PbDD requirements expressed in Article 25 of the GDPR. This comprehensive PbDD-based compliance framework is referred to as the Data Protection Principles Approach (DPPA). The DPPA addresses tensions between data security, organisational data needs and GDPR requirements. It helps ensure compliance while taking account of technological change and the evolving legal landscape in the EU. It provides stronger mechanisms to safeguard individuals' rights and to enhance their control over personal data, and it advocates a policy-driven approach over outdated "win-win" evaluations grounded in business economics. In addition to critical reflection and doctrinal legal research, the methodology incorporates a distinctive quantitative and qualitative analysis of primary data collected specifically for this research. The data focuses on GDPR fines imposed by regulators in the EU and UK, providing rigorous insights into the edge issues that inform the development of the DPPA.
| Field | Value |
|---|---|
| Item Type | Thesis (PhD) |
| URI | https://reading-clone.eprints-hosting.org/id/eprint/116933 |
| Identification Number/DOI | 10.48683/1926.00116933 |
| Divisions | Arts, Humanities and Social Science > School of Law |
| Date on Title Page | June 2023 |