Internal Compliance Mechanisms for Firms in the EU General Data Protection Regulation

50 (3) Revue juridique Thémis de l'Université de Montréal (RJTUM) 783-820

38 Pages. Posted: 25 Jan 2018. Last revised: 15 May 2018

W. Gregory Voss

TBS Business School; Toulouse Business School; University of Toulouse - Toulouse Business School

Date Written: January 18, 2018

Abstract

The new EU General Data Protection Regulation (GDPR) establishes requirements (and certain incentives) for internal compliance mechanisms that do not exist in current legislation. These requirements, which will have an impact on internal processes and staffing of firms, such as the requirement in certain cases of engaging a data protection officer, conducting a data protection impact assessment, or making notifications of data breaches, will require firms to organize themselves prior to the GDPR becoming applicable in 2018. This article sets out first the increased territorial scope of the GDPR, prior to discussing the increased accountability of firms, focusing on data protection impact assessments, prior consultation and prior authorization, data protection officers, and data breach notifications. On the way, certain differences among the various versions of the GDPR prior to its adoption on these points will be discussed. Finally, incentives for compliance are highlighted.

Note: This final formatted version was first published in 50(3) Revue juridique Thémis de l'Université de Montréal (RJTUM) 783-820, and is also accessible on the journal's website.

Keywords: GDPR, General Data Protection Regulation, European Union data protection law, compliance, data protection officer, DPO, data protection, data protection impact assessment, DPIA, data breach notification, data breach

JEL Classification: K2, K20, K22, K29, K33

Suggested Citation

Voss, W. Gregory, Internal Compliance Mechanisms for Firms in the EU General Data Protection Regulation (January 18, 2018). 50 (3) Revue juridique Thémis de l'Université de Montréal (RJTUM) 783-820, Available at SSRN: https://ssrn.com/abstract=3104800

W. Gregory Voss (Contact Author)

TBS Business School

1 Place Alphonse Jourdain
CS 66810
Toulouse Cedex 7, Occitanie 31068
France

Toulouse Business School

20, bd Lascrosses
Toulouse, 31068
France

University of Toulouse - Toulouse Business School

20, bd Lascrosses
BP 7010
Toulouse, 31068
France
