General Data Protection Regulation (GDPR) and UK Businesses

Verified

Added on 2020/10/22

AI Summary

This essay examines the General Data Protection Regulation (GDPR) and its impact on UK businesses. It begins by providing a background on GDPR, highlighting its purpose to regulate data processing and protect the privacy of individuals within the EU and EEA. The essay then explores the benefits of GDPR for both businesses, such as improved public relations, enhanced cybersecurity, and reduced maintenance costs, and for customers, including greater control over their data and increased security. The largest impact of this regulation is felt by technology firms, marketers and data brokers whose business model requires them to save, process and analyse consumer data for research as well as new product development purposes. The essay also discusses the potential penalties for non-compliance, affecting UK businesses in terms of accountability, breach reporting, documentation, and assessment. It concludes that GDPR enhances brand equity, promotes economies of scale, transparency, loyalty, and fairness in business interactions while also highlighting the positive effects on customer engagement and trust.

CAUSE AND EFFECT
ESSAY OF GDPR AND HOW
DOES IT AFFECT UK
BUSINESSES

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
GENERAL DATA PROTECTION REGULATION (GDPR)........................................................1
REFERENCES................................................................................................................................3

GENERAL DATA PROTECTION REGULATION (GDPR)
With the advent of rapid innovations in technology, a plethora of disruptions have
surfaced in the recent years. One such innovation included data processing and machine learning
which created information database on a large scale for businesses all around the world. To
regulate such technology, European Parliament and Council formulated a Data Protection
Directive (95/46/EC) that overlooked processes involving personal data of natural persons within
the purview of European Union (EU). In May 2018, this directive was repealed and replaced by
EU GDPR (Christensen and et.al., 2013). This regulation provides principles, provisions and
requirements relating to Data Protection and Privacy for individuals who are a member to the EU
as well as EEA (European Economic Area). It intends to preserve the freedom and fundamental
right of persons by regulating all the businesses that store and/or process personal information.
Here, businesses include all those entities that come under the purview of 'controllers' as well as
'processors' and requires them to appoint GDPR officers who would be responsible for internal
audit of entity's data systems. Hence, this ordinance encourages the consumers and data subjects
to be aware of the sensitive information stored in world's database without their knowledge
which will ultimately give consumers the power as well as the right to demand and delete
personal data that they do not wish to share with a business entity.
Although it is implemented to generate a greater control on the businesses by
safeguarding individual's right to privacy, it does benefit the two parties in its own fashion. Such
benefits have been enlisted below:
 For Businesses:
Compliance with this regulation would boost public relations and customer confidence
for the organization among the masses, thus, generating a higher brand equity for entities. In
addition to this, the regulation would also safeguard the business from any sort of data breach or
fraud enhancing the enterprises cyber-security practices. It will also reduce maintenance cost by
simply consolidating information to store data, thus providing better alignment with new
technology evolution. Also, greater personalization would encourage deeper knowledge of stored
data's underlying value resulting in better communication and engagement with the customers
(Mantelero, 2013).
 For Customers:
1

General Data Protection Regulation requires consent from the user before a company is
able to process it. This provides a better control and increased security for customer's sensitive
information giving them the right to demand and erase their information from any business
entity's database. The 'Right to Erasure' enables data subjects to be forgotten by requesting the
concerned entity to remove information from their portal by simply withdrawing subject's
consent. Audience will also be able to understand how their data is processed which will help
them ascertain whether their privacy is protected or not (Marelli and Testa, 2018).
The largest impact of this regulation is felt by technology firms, marketers and data
brokers whose business model requires them to save, process and analyse consumer data for
research as well as new product development purposes. Any act carried out in violation of this
regulation in regards to recording, security, notification breach and obligation to privacy impact
assessment shall attract a penalty equivalent to €10 million or 2% of the entity's global gross
revenue, whichever is higher. Whereas Violation of obligations in regards to lawful processing,
consent and cross-border transfer of data would attract a penalization of €20 million or 4% of the
business' global gross revenue, whichever is higher. This would affect the UK businesses in
terms of accountability, breach reporting, documentation and assessment.
As far as customers are concerned they be positively affected by this regulation as they
would be exposed to a much better and personalized customer engagement experience. The
extent of control handed by GDPR to the public largely impacts their attitude and perception
towards businesses as they are able to be more comfortable and trusting in regards to the data
processing operations of the enterprise. Additionally, GDPR ensures that consumers are heard
and safeguarded from any kind of unfair practices giving voice to their opinions (Tikkinen-Piri,
Rohunen and Markkula, 2018).
From the above essay, it can be concluded that GDPR has created quite a disruption
among the enterprises in regards to security and data handling practices prevalent in UK. This
law overcomes the shortcomings of previous directives and attempts to benefit both customers
and organisations in a manner that enhances brand equity, economies of scale, transparency,
loyalty and fairness while the two interact with each other on a daily basis in a given business
environment.
2

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

REFERENCES
Books and Journal
Christensen, L. and et.al., 2013. The impact of the data protection regulation in the EU. Intertic
Policy Paper, Intertic.
Mantelero, A., 2013. The EU Proposal for a General Data Protection Regulation and the roots of
the ‘right to be forgotten’. Computer Law & Security Review. 29(3). pp.229-235.
Marelli, L. and Testa, G., 2018. Scrutinizing the EU general data protection regulation. Science.
360(6388). pp.496-498.
Tikkinen-Piri, C., Rohunen, A. and Markkula, J., 2018. EU General Data Protection Regulation:
Changes and implications for personal data collecting companies. Computer Law & Security
Review. 34(1). pp.134-153.
3