Towards the Adoption of EU General Data Protection Regulation

An Empirical Study of Businesses’ Perception on Privacy and Data Protection

More Info


The EU General Data Protection Regulation (EU GDPR) is about to come in force in May 2018. It poses new queries for both policymakers and businesses. Policymakers want o know how effective the new EU GDPR will be while the businesses would like to know how the EU GDPR should be implemented. To answer that question, empirical studies on how businesses/organizations implement privacy and data protection as well as their perception towards the EU GDPR are needed. This thesis aims to answer the fill this gap by mixed methods. Literature review and interview are exercised to get the current practices, while survey and statistic analyses are done to investigate the organizations' plans to change related to the EU GDPR. The findings are interesting, which include but not limited to the existence of DPO and organizations' high dependency would not limit the organizations' plan to change. Based on the findings, a number of recommendations are formulated for both policymakers and the practitioners, such as the encouragement to designate a DPO, to specify different approach of enforcement by policymaker for different industrial sectors and to be open to having menu of contracts by organizations for a balanced flexibility.