Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Analysis of General Data Protection Regulation (GDPR) and Cyberlaws for ShelbyCo

Verified

Added on 2023/06/05

AI Summary

This article provides a critical analysis of the General Data Protection Regulation (GDPR) and Cyberlaws for ShelbyCo. It discusses the key issues raised by the Digital Vaccine Pass and the obligations of ShelbyCo under GDPR. It also compares the position between the UK and the EU for a social media company as a consequence of the implementation of Article 17 of Directive (EU) 2019/790 on copyright and related rights in the Digital Single Market (the “Copyright Directive”) in member states of the EU but not in the UK.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Cyberlaws

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
PART A...........................................................................................................................................3
Question 1. Critically analyse the key issues in relation to the General Data Protection
Regulation (GDPR) that the use of the Digital Vaccine Pass raises for ShelbyCo.....................3
Question 2. Critically analyse the obligations that ShelbyCo is subject to under the GDPR in
responding to this email and evaluate what information ShelbyCo is required to provide or not
provide to the employee in response to the employee’s request. ...............................................6
PART B............................................................................................................................................9
Question 3. Critically compare the position between the UK and the EU for a social media
company as a consequence of the implementation of Article 17 of Directive (EU) 2019/790 on
copyright and related rights in the Digital Single Market (the “Copyright Directive”) in
member states of the EU but not in the UK. ..............................................................................9
Question5. Critically evaluate the issues that arise under copyright laws in the UK in respect
of the Kooking4Kids website and advise your client as to any steps they should take with
respect to the Kooking4Kids website..........................................................................................9
REFERENCES..............................................................................................................................13

PART A
Question 1. Critically analyse the key issues in relation to the General Data Protection
Regulation (GDPR) that the use of the Digital Vaccine Pass raises for ShelbyCo.
Answer1. In the given situation, Shelby CO. is a global financial service company who have
approx. 1,000 employees in their London based organisation. Due to Covid pandemic, the CEO
of the organisation decided to conduct vaccination programme for their employees so that can
return back to their physical office. The CEO has introduced the “Digital Vaccination Pass” for
its employees across the globe. The systematic work of Digital vaccination pass required an
application that can be accessed by employees anytime with the help of their mobile phones. The
app connects each employees and validate whether they are properly vaccinated or not.
The general Data protection Regulation (GDPR) is a new legislation that are established to
replace the Data Protection Act of 1998 of UK. It covers wide range of protection that are
available to safeguard the right of the users (Egger and Springer, 2019). It is a comprehensive
legislation that provide data protection and aims to promote the privacy laws across the globe
and prior the importance of the rights of an individual. It modernised the personal information of
the individual and safeguards their right to privacy which is fundamental right as per the
International Convention of UDHR. It is the most effective mechanism that are beneficial for the
organisation to maintain the records of its employees so that their confidential information
cannot reveal to the general public.
Due to modernisation, cyber crime becomes the serious issue of every modern county. The
upgraded technology and use of various computerised application ease the working system of
every individual. It promotes innovation and new ideas and help the organisation to attract the
investors who have advanced technology and IT infrastructure. Similarly, these advancement
have some cons and disadvantages that stressed out the government and forced them to establish
the new legislation to provide the widest protection from the cyber criminals who tries to
manipulate the data and information of the clients. The earlier legislation on data protection Act,
1998 was very narrow and does not cover various aspect of data protection. Therefore, the
extensive statutes has been made in this regards to cover all the areas of data protection and
safety right of the individual.

The General Data Protection Regulation is considered one of the strongest legislation that laid
down several rules and regulation that are binding upon the users and informant. It was first
adopted in the year 2018 by the European parliament and European Council together to bring
rigidity in the data protection policy and effectively handle the information of the users.
Basically, it focuses on the personal data and monitors the vital information of the users such as
employee's name, address, contact number etc (Fai, Bradley and Powell, 2021) . The sensitive
information of the clients remains protected and safe. All the organisation, individuals,
companies and other controller and processor will comes under the purview of GDPR. Here, the
Shelby CO. is the controller of the “Digital vaccination Pass” whop are the actual application
developer and have full control over the purposes and means of data.
According to Article 5 of the GDPR is based on seven key fundamental principles that are
discussed below:
 Legality, Fairness, Transparency: The GDPR mechanism helps the organisation and
individuals by giving them statutory protection and effectively manage all the activities
that take place through “ Digital vaccination Pass”.
 Purpose limitation: It limits to such extent for which the application has designed for
specific purpose and objectives. The “ Digital vaccination Pass” is limited to maintain the
record of employees and their vaccination data. The objective of such principles to avoid
misuse of information and data stored in such application.
 data minimisation: This principles identifies only minimum information and data so that
more personal information cannot access by others. The overreaching of information are
avoided to and designed to meet the specific purpose of the digital application.
 Accuracy : It increases the accuracy of information and users can easily access the
required information.
 Storage limitation: GDPR's fifth principle is aimed to store the relevant data and
information to safeguard the right to privacy of the individual.
 Integrity and confidentiality: it is crucial to maintain the personal data from
unauthorised access and unlawful processing (Gal and Aviv, 2020) . It ideals with the
security and confidentiality of information so that hackers and cuber criminals can not
accessed them by breaching others privacy rights.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

 Accountability: this principle is important to legally comply with all the provisions of
the regulations by the organisation and trained the staffs for their effective handling and
processing of data. Data protection officer is responsible for systematic monitoring and
supervision of personal data that are designed for “ Digital vaccination pass”.
The General Data Protection Regulation (GDPR) offers several rights to the individual so that
the information can be easily access by a individual without causing any harm to the privacy
rights of the other. These available rights includes right to access information, right to
rectification , right to erase, right to restrict processing, data portability right, objection right and
right to develop decision and profiling. The strict legislation of GDPR imposes harsh liability for
causing security breach (Godinho de Matos and Adjerid, 2022) . It imposes huge monetary
liability over the offenders and decided by the ICO. However, the GDPR is a significance
legislation that is designed to develop new system, process and services to personalise the data
and others information through various digital applications. It helps the organisation to meet the
day to day responsibility to protect the data and handle the information. The GDPR applies to
personal data which is partially and fully automated and intended to record the personalised data.
The main objective of GDPR is to secure the public interest, conduct scientific research and
statistical data. Therefore, the GDPR will protect the data of all the employees of the Shelby Co.
as their vaccination data of employees are reman protected and safe.
Question 2. Critically analyse the obligations that ShelbyCo is subject to under the GDPR
in responding to this email and evaluate what information ShelbyCo is required to
provide or not provide to the employee in response to the employee’s request.
Answer 2: The General Data Protection Regulation (GDPR) is an advancement of the Data
Protection Act, 2018 where it is required from every individual to follow the rules in accessing
the personal data. These rules are known as principles of data protection where it is required
from the individual to lawfully use the information in an fair and transparent manner. The legal
issues that are related to use of communication technology through the medium of internet or
cyberspace is known as Cyber law. The rules that are provided for the imposition of
administrative fines are known as General Data Protection Regulation (GDPR). It is one of the
strictest privacy and security law in the world (Kounoudes and Kapitsaki, 2020) . The main
purpose of GDPR is to ensure that the person understands his resourcing and analysing tool

through the internet. It is the authority that deals in data protection and has the power to impose
fines if an individual is acceding any particular data without permission, consent or approval.
The obligations that the organisation of Shelby Co is subjected under the GDPR are as follows:
 To ensure the legal process of data in a lawful manner in consideration of the subject of
the matter which should be provided in a transparent manner.
 To ensure the collection and processing of data for specific purposes which should not be
in an inappropriate manner with the original purpose.
 To ensure the management of data which should be updated in timely basis and must be
accurate according the information provided.
 To ensure the correct compliance in order to demonstrate it in an appropriate manner.
The authority of GDPR is entitled with eight basic rights which are as follows:
 Right to be notified
 Right to object
 Right to restrict processing
 Right to have correct information
 Right to be informed
 Right to data potability
 Right to be forgotten
 Right to access
Under the above mentioned rights the company of Shelby can respond to the mail provided by
employee. In order to provide information to any employee of the organisation, the individuals
can access the personal data of a person with the permission in order to have free use of the
generated data. The data can also be transferred from one server to another with the easy access
of data portability. The information collected should be correct and appropriate in order to
validate the legality of the accessed data (Kretschmer and Giblin, 2021) . If there is any illegal
activity going on in cyber world then the individual even has the right to object and the
department of cyber should be informed about the issue In order to solve the matter in an
appropriate manner.
The information that Shelby Co is required to provide or not to provide to the employee in
response to the employee’s request will include the following steps:

Step 1: Whether the information that is required has identified the other individual or not in
regard to disclosing of information.
It is believed that while accessing the data, the individual has identified the other person or third
party while revealing the information to the user. If the third party does not does not allow the
accessing of information then names and documents can be deleted in order to consider the
privacy of third party.
Step 2: Is consent provided to other individual.
The consent of the party is very necessary and is even considered as a good practice in order to
maintain the privacy of a person. However a person is not bound to ask for consent. It may be
inappropriate in the following cases:
 if there are no contact details of the third party.
 if the user was not aware of the required request that is to be obtained in revealing of the
personal data of third party.
 If the person who has requested from the third person it would be very inappropriate if an
individual has made a SAR to the third person.
Step 3: While disclosing the information, whether it is reasonable or not.
It may not be easy to get the consent of third party if the third party is not interested in sharing
the information (McDonagh, 2021). Therefore the reasonable matter may be considered while
revealing the information of third party.
The data protection officer need to consider the following situations that includes:
 In order to disclose the information, the type of information needed to be considered.
 If the third party is under any obligatory duty of confidentiality.
 In order to get the consent of third party, if there is requirement of following any of the
steps or procedures.
 In order to procure the information, the capability of the third party will also be
considered.
 In order to receive the consent of third party, it is to be seen whether there is any refusal
to give consent by the third party.
Therefore the factor of confidentiality is to be seriously considered while disclosing the
information of third party without their consent. Whenever an individual discloses his
confidential information then the duty of confidence rises in order to prevent the information

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

from access of public. The privacy of the information must be maintained in order to protect the
confidentiality of the third part which may arise from:
 The matter of the third party which is considered confidential and will only be revealed to
the party or user who has gained consent from the respective owners or third party.
 The duty of confidence will generally include the relationship between the following
parties which includes the relationship of doctor and patient, employer and employee,
solicitor and client, trade union representative and member, counsellor and client, bank
and customer (Rachum-Twaig, 2018).
PART B
Question 3. Critically compare the position between the UK and the EU for a social media
company as a consequence of the implementation of Article 17 of Directive (EU)
2019/790 on copyright and related rights in the Digital Single Market (the “Copyright
Directive”) in member states of the EU but not in the UK.
Answer 3. There is a Digital Copyrights Directive forms which are the part of the European
Union Digital Single Market, its a reform which came into force on 6 June 2019. the United
Kingdom left the Union before the deadline i.e. 7 June 2021 for the implementation into national
law and after that the government of UK decided not to implement the Directive into national
law. The aim of the EU Directives on Copyright in the Digital Single Market to make the hands
of the shareholders powerful to enabling them a better negotiate and compensated fro the use of
copyrights contents. Regarding this there is an Article 17 of the CDSM which allows the
rightholders to discuss with the original owner of the content to shared and to utilised the
content.
Article 17 : online content sharing platforms
The Article 17 of CDSM is mainly design to transfer the power between copyright
owners and and the other sites which keeps the high amount of content of various user. It uses to
clarigy the law on intermediary liability fro these types of services. In these days the content
sharing platforms taking the advantages of the multitude defence in the E- commerce Directives
in a manner that are the one who are obligated to remove the content efficiently which breaks the
right of copyright on the request of the copyright holder. Basically under Article 17 those content
sharing platforms are liable who are using uploaded content fro their benefits, this activity will

infringes the third party copyright as the whole content will come in the knowledge of the public.
The Digital copyright Directive makes the thing clear that, they are not entitled to depend on the
hosting defence, however there is a new provisions which they applied (Rachum-Twaig, 2018).
As per the Directives the online platforms have to take the permission from the rights holders
refarding to upload the content by the users with the help of getting the license with the original
right holders. If the right holder denied to provide the license to uplaod the content of them then,
the online platforms were held liable for their unauthorised act to make their work available for
public. Even if the online platforms perform this activity then they have to show that they have;
They tried their level best to get the official document.
In the relevant of high industry standards of professional diligence, best efforts has been made to
ensure that the specific work are not available of te righ holder
They have to show that they acted with efficiency to protect the content of and made their best
effort to prevent the content uploading in future.
Position of UK
The United Kingdom makes it clear that after taking the name out from the Union they
wil not required to implement the provisions of the Digital copyright Directives. But at the end
of the scope some changes are made to implemented the Directives provisions in the UK. Aprt
from the Covid 19 crisis there are many sectors which hold the success. On the other hand it
would get expected that social media will continue to work hard fro the changes to protect their
plan. However the responsibility for online content sharing got increase would make the
government in a situation to pass the bill and dont get delayed due to Covid 19. Thus, it is being
proclaimed that all the reflections in the company and the directives drawn ion EU and UK is
attained thorough the law which focus on the vary culture. It manages the growth and the
functions in which the elections and the effective transposed areas are been drawn. The digital
single market DSM Directives maintained all the strategy through which they bring and analyse
all the single term and functions. Theory is being framed that all the acquis area s and the
members through which the multifaced areas and the norms are being taken is attained. This
draws all the online activo9tes and the functions through which the company and the UK
directives manage t6he competency through which they will eventually maintained the powering
culture and all the DSM incorporates the commission through which the residence and their

abrupt nature of working is been drain from the general areas. The copyright design which are
being given in DSM rae drawen thorugh all the transparency in the electronic areas and it
complies to give the nature of working in which the addressed culture and the effective potential,
barriers are being unleashed. this manage the growth and the surrounding through which the
reforming process and tie framing is attained. There are some suggestions which are made to
utilize the changes of the Directives due to which the UK might enjoy some advantages in
attracting the online content sharing platforms to its border. But it would not get happened, the
platforms denied the changes to safe the harbour plan. Becaise their content is convenient in the
other European countries in any situation, therefore there might be a chance of forcing the
platforms in serving the Eu and UK. In regard to press publication right also, the national version
of Article 15 dont look to solved the problems of the publishers in other European countries. But
for some changes they find the solutions on UK Statutes Books, changes in the copyright will
require to use the primary legislation. In the final UK drafts working text for the free trade
agreement in which the EU contains some sections on copyright. This comply that all the
principles which are given in the copyrights areas are helpful to frame the culture and functions
that draw the DSM in the retrospective nature.
Question5. Critically evaluate the issues that arise under copyright laws in the UK in
respect of the Kooking4Kids website and advise your client as to any steps they should take
with respect to the Kooking4Kids website.
Answer5. GDPR is a type or regulation which is created for businesses with the view to protect
the personal data and to ensure the privacy of European Union citizens for a transaction which
might occur with the European member states. Every company which runs a business is required
to comply with the regulations of GDPR and its non-compliance could cost a company
negatively. The companies which collects data on citizens of Eu requires to follow the rules in
order in order to protest the data of their customer (Schmitt, 2021). GDPR stands for General
Data Protection Regulation, which intends to set standards for consumer rights in relation to their
data, the companies are strictly required to maintain compliance with the regulations of GDPR.
Whereas, The Privacy and Electronic Communication (EC Directives) Regulations of 2003 is a
legislation of United Kingdom which is used for determining unlawful in comparison to other

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

things or which transmit for automated recorded message for doing marketing objectives by way
of telephone without the prior permission of the subscriber.
PECR are the part of UK law which aims to imposed the EU'S internet privacy directives and
guarantees to prevent privacy rights pertaining to electronic communication.
The rules of PECR are affected by regulations of GDPR in terms of consent, therefore, the duty
is imposed on the organisation to ensure complacence with both the regulations if they are
sending electronic marketing messages, it is mandatory to use cookies or avail electronic
communications services to the general public or their customer.
After Brexit, there are two types of version of the GDPR which needs to comply by the
organisations of the United Kingdom:
 GDPR of UK, with the DPA( Data Protection Act) 2018, which is made applicable to the
personal data of the residents of UK.
 The GDPR of European Union, is continued to apply to the processing of data of
European Union residents.
Privacy and Electronic Communication Regulations applies on digital marketing, which includes
telephone calls, messages, emails and faxes. It also use websites cokies in order to track the
visitor etc.
whereas, the GDPR developed to protect the privacy data such as:
 Health and generic information
 biometric data
 gender and sexual orientation
 religion and ethnic data
 It tracks location, IP address
 General identity of a person such as, name , address.
As per the directives of GDPR and PECR in relation to online marketing, it established a close
interconnection in which no marketing plan or data can be more forward without ensuring the
data protection right. Both the regulation are complementary to each other, the only key
difference between both is that GDPR is used for processing the personal data , whereas, the
PECR specifically relates to marketing the electronic means and it covers all the digital
marketing activities (Sharma, 2019) .

GDPR is more specific in certain terms and less specific in wider terms, because it is used in all
the aspects which involved in processing the personal information of customers. The GDPR
itself overlaps the rules of Data Protection Act as well as ICO, in this the organisations of United
Kingdom are the only responsible for regulating the data protection and privacy related rules.
Provided that, nothing in these rules or directives shall exempt an individual from his obligations
under the terms of Data Protection Act in respect to processing of personal data. Especially, for
marketers, a main area of interest in relation to GDPR provides a lawful basis for the processing
of data. These regulation sets six types of basis, wherein in most of the cases. Marketers required
to emphasize only;y on two that is , consent and legitimate interest.
The term Consent signifies an essential ,modification from PECR. Whereas, in GDPR, the bar
for consent is high. GDPR also needs acquire consent while processing data because it is a legal
basis and specific by the directives.
Processing data is the legitimate actions which is necessary for the legitimate interest of the data
controller. Such interests shall not override the rights or freedoms of the personal data.
In simpler words, it can be said that processing of data is the legitimate interest of a company,
because the area of processing data is covers by the legal terms. Because the the processing of
data is necessary (Tatar, Gokce and Nussbaum, 2020). The Kooking4Kids website can manage
the internal safety with which they can protect the client and their working through there general
terms and management. There is been drawn that all the client activates are to be taken into
consideration in which the approaches and the general working can be unanalysed and the
advice, perspective and suggestion of all the clients are to be taken under.
 There is to be drawn that all the devices in relation rot the aspect and challenges are to be
drawn and there is heeded ditto be framed the register ability, registration and the
extension for the clauses and functions.
 All the standards and the verdicts are required to be framed with which the company can
they’re by manage the ownership and can also adhere to develop the requisite of
knowledge and apprehension which will drawn their encompassing and the effective
expenses.
 The client or the website named Kooking4Kids can avoid all such infringement which
will somehow affect the company and they can manage and respect all the guidelines and
working of the company that is been drawn bey them in an instinctive manner.

 The terms conditions and the policies which are been drawn in it should be taken and
there is been needed that all the arras and the license are to be framed through the culture
and the copyright working and their software development.
 The web designers and the members who are being managing and attaining the work
through all the vary nature will some how require to manage the growth and development
and there is required to maintained the abrupt cultural satisfaction and the effective
functionality.
Thus, the Kooking4Kids can some how manage the privacy and also try to literally the
client’s vibe drawing and undertaking their feedbacks with the eventual a time period. Some
or the other way they can altos try to manage the growth with which the company can there
attain the growth through which they can eventuate all the effective culture and can also try
to retain the website and the very nature through which the growth can be framed.
From the given statement, it is evident that there is a lot of dark stuff which are bein g created
and published on digital media, for instance, there was a campaign conducted by the
Russians which was used to influence the presidential elections of the United Kingdom was
the digital propaganda (Škiljić, 2021) . There are contents which such as repugnant videos
with children being mocked influencing the to act unethically.
Thus, the GDPR defines several roles and responsibilities makes company liable to comply
with the processing data and to protect the personal data of the public.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

REFERENCES
Books and Journals
Egger, J.O. and Springer, D.G., 2019. Music educators’ understanding and opinions of US
copyright law. Update: Applications of Research in Music Education, 37(3), pp.20-27.
Fai, M., Bradley, J. and Powell, M., 2021. Cyber law: Online Safety Bill-An overview of the
enhanced regime. LSJ: Law Society of NSW Journal, (80), pp.68-70.
Gal, M.S. and Aviv, O., 2020. The competitive effects of the GDPR. Journal of Competition
Law & Economics, 16(3), pp.349-391.
Godinho de Matos, M. and Adjerid, I., 2022. Consumer consent and firm targeting after GDPR:
The case of a large telecom provider. Management Science, 68(5), pp.3330-3378.
Jones, M.L. and Kaminski, M.E., 2020. An American's Guide to the GDPR. Denv. L. Rev., 98,
p.93.
Kounoudes, A.D. and Kapitsaki, G.M., 2020. A mapping of IoT user-centric privacy preserving
approaches to the GDPR. Internet of Things, 11, p.100179.
Kretschmer, M. and Giblin, R., 2021. Getting creators paid: one more chance for copyright
law. European Intellectual Property Review, 43(5), pp.279-282.
McDonagh, L., 2021. Performing copyright: law, theatre and authorship. Bloomsbury
Publishing.
Rachum-Twaig, O., 2018. Copyright Law and Derivative Works: Regulating Creativity.
Routledge.
Rosenmeier, M., Szkalej, K. and Wolk, S., 2019. EU Copyright Law: subsistence, exploitation
and protection of rights. Kluwer Law International BV.
Schmitt, M., 2021. Terminological precision and international cyber law. Articles of War.
Sharma, S., 2019. Data privacy and GDPR handbook. John Wiley & Sons.
Škiljić, A., 2021. When Art Meets Technology or Vice Versa: Key Challenges at the Crossroads
of AI-Generated Artworks and Copyright Law. IIC-International Review of Intellectual Property
and Competition Law, 52(10), pp.1338-1369.
Spindler, G., 2022. Copyright Law 4.0. In Handbook Industry 4.0 (pp. 241-274). Springer,
Berlin, Heidelberg.
Tatar, U., Gokce, Y. and Nussbaum, B., 2020. Law versus technology: Blockchain, GDPR, and
tough tradeoffs. Computer Law & Security Review, 38, p.105454.
Yu, P.K., 2021. Third amendment to the Chinese Copyright Law. Journal of the Copyright
Society of the USA, 68.
Zhang, P., 2022. An Exploration of the Economics of Cyber Law and Policy (Doctoral
dissertation, Cornell University).

1 out of 14

+13062052269

info@desklib.com

Analysis of General Data Protection Regulation (GDPR) and Cyberlaws for ShelbyCo

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Data Protection and GDPR Compliance

Data Protection and Privacy Law in the Digital Age

International Business Strategies and Emerging Economies

Business And Society Assignment Solved

Confidentiality in Health and Social Care

Research Proposal