• norsk
    • English
  • English 
    • norsk
    • English
  • Login
View Item 
  •   Home
  • Øvrige samlinger
  • Publikasjoner fra Cristin - Høyskolen Kristiania
  • View Item
  •   Home
  • Øvrige samlinger
  • Publikasjoner fra Cristin - Høyskolen Kristiania
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

An analysis of violations and sanctions following the GDPR

Presthus, Wanda; Sønslien, Kaja Felix
Peer reviewed, Journal article
Published version
Thumbnail
View/Open
%2828%29-Presthus-Soenslien-Analysis-violations-sanctions-following-GDPR-IJISPM-2021.pdf (655.7Kb)
URI
https://hdl.handle.net/11250/3003511
Date
2021
Metadata
Show full item record
Collections
  • Publikasjoner fra Cristin - Høyskolen Kristiania [530]
  • Vitenskapelige publikasjoner fra Institutt for teknologi [139]
Original version
International Journal of Information Systems and Project Management. 2021, 9 (1), 38-53.   10.12821/ijispm090102
Abstract
This paper investigates the violations and sanctions that have occurred following the implementation of the General Data Protection Regulation (GDPR). The GDPR came into effect in May 2018 with the aim of strengthening the information privacy of European Union/European Economic Area citizens. Based on existing taxonomies of (i) potential consequences of violating the GDPR (including surveillance, discrimination), (ii) an analysis of 277 sanctions, and (iii) interviews with experts, we offer a mapping of the violations and sanctions almost two years after the regulation was implemented. The most typical complaints were, in descending order: unlawful processing and disclosure of personal information, failure to act on and secure subject rights and personal information, and insufficient cooperation with supervising authorities. Our analysis also indicates an increasing number of fines over time. Regarding size, the fines range from 50,000,000 euros to (symbolic?) 90 euros. While research on GDPR violations and sanctions is somewhat scarce, our study mainly confirms existing findings: that the GDPR is complex and challenging. However, our study provides insight on some of the challenges. Our contribution is mainly practical and aimed at managers in any organization whose goal is to protect information privacy and to learn from the mistakes made by other companies. We also welcome more research on the topic.
Description
General permission to republish in print or electronic forms, but not for profit, all or part of this material is granted, provided that the International Journal of Information Systems and Project Management copy right notice is given and that reference made to the publication, to its date of issue, and to the fact that reprinting privileges were granted by permission of SciKA - Association for Pro motion and Dissemination of Scientific Knowledge.
Journal
International Journal of Information Systems and Project Management
Copyright
Copyright©2021, SciKA

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 

Browse

ArchiveCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsDocument TypesJournalsThis CollectionBy Issue DateAuthorsTitlesSubjectsDocument TypesJournals

My Account

Login

Statistics

View Usage Statistics

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit