Impact of GDPR Security Measures on the Intellectual Property and Unfair Competition

Abstract

The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) created a duty to implement appropriate technical and organizational measures to ensure a level of security to protect natural persons with regard to the processing of personal data. Infringement of this duty is severely punished. These GDPR security measures and their operation should effectively and efficiently reflect intellectual property (“IP”) and unfair competition concerns. The theoretic teleological interpretation of the GDPR along with the critical study of the academic literature is complemented by a practical exploratory investigation via a micro‑case study based on interviews of a well‑balanced group of subjects of this GDRP duty – Czech SMEs. Although the yielded results are rather indicative than generally conclusive, they allow to suggest a partial confirmation of the proposed hypotheses that this GDPR duty will have a significant impact on IP and unfair competition. The semi‑conclusions based on the primary and secondary data enlightens the status quo, offers recommendations and brings suggestions for further research.