Abstract

The obligatory adaptation of Organizations to the General Data Protection Regulation (EU) 2016/679 (GDPR) will imply a set of legal, technological and functional changes, with a direct impact on the daily life of Organizations as a result of their increased responsibility towards data subjects, which the new legislation has reinforced. In addition, the transfer of responsibilities from the national authorities to the Organizations obliges them to prove, at all times, full compliance with the legislation. Organizations are subject to heavy fines when non-compliance is detected. This new reality is a challenge for any Organization, and in particular for small and medium-sized enterprises (SMEs), which have fewer human and financial resources to carry out the measures necessary to comply with the legislation. To learn how SMEs are preparing themselves, we conducted face-to-face interviews with ten industrial SMEs. The main conclusion is that, given these companies' lack of awareness of their obligations and duties in relation to Personal Data Protection, it is urgent to define a methodology that enables them to comply with the GDPR.

Highlights

  • The obligatory adaptation of Organizations to the GDPR (Regulation, 2016) will imply a set of legal, technological and functional changes, as well as the need to train managers and staff in general on this matter. We must consider that, in general, Organizations have the technical and human resources needed to fulfil their objectives and find it difficult to understand and identify the means and costs required to comply with the referred Regulation and the major alterations in personal data processing and protection it will imply. First and foremost, we must raise managing officials' awareness on this issue.

  • First and foremost, we must raise managing officials' awareness on this issue. This regulation replaces Directive 95/46/CE (Directive, 1995), transposed to Portuguese law by Law no. 67/98 (Law on Personal Data Protection) (Law, 1998) still in force, which requires that Organizations communicate Personal Data processing to the National Committee on Data Protection (Comissão Nacional de Proteção de Dados - CNPD) before collecting, storing and processing data.

  • The competitiveness rate assesses the potential of each region in terms of competitiveness, as well as the degree of efficiency in their strategy and efficiency in producing wealth, and the ability evidenced by business in competing at international level (INE, 2017)

Summary

Introduction

First and foremost, we must raise managing officials' awareness on this issue. This regulation replaces Directive 95/46/CE (Directive, 1995), transposed to Portuguese law by Law no. 67/98 (Law on Personal Data Protection) (Law, 1998) still in force, which requires that Organizations communicate Personal Data processing (there are some exemptions) to the National Committee on Data Protection (Comissão Nacional de Proteção de Dados - CNPD) before collecting, storing and processing data. Where Personal Data processing involves sensitive data, the Organization may collect, store and process those data only upon authorization by the CNPD (Law, 1998). Replacing a “Directive” with a “Regulation” makes it applicable in all EU member states without the need for approval as national legislation and allows for harmonization of rules within the European Union (Stupka et al., 2017).
