:: LEX :: ANALYSIS OF LEGAL ASPECTS OF GDPR IMPLEMENTATION IN INTERNATIONAL COMPANIES
UA  RU  EN
 
  Main page
  How to take part in a scientific conference?
  Calendar of conferences
  Editorial board. PA «Naukova Spilnota»
  Äîãîâ³ð ïðî ñï³âðîá³òíèöòâî ç Wyzsza Szkola Zarzadzania i Administracji w Opolu
  Archive

Actual researches of legal and historical science (Issue 68)

Date of conference

14 January 2025

Remaining time to start conference 19


  Scientific conferences
 

  Useful legal internet resources
 

 Useful references
 
Íîâ³ âèìîãè äî ïóáë³êàö³é ðåçóëüòàò³â êàíäèäàòñüêèõ òà äîêòîðñüêèõ äèñåðòàö³é
Þðèäè÷íèé ôîðóì
Çàêîíîäàâñòâî Óêðà¿íè
ªäèíèé äåðæàâíèé ðåºñòð ñóäîâèõ ð³øåíü


 Counters


 References


 Our bottun
www.lex-line.com.ua - ̳æíàðîäí³ íàóêîâî-ïðàêòè÷í³ ³íòåðíåò-êîíôåðåíö³¿ çà ð³çíèìè þðèäè÷íèìè íàïðÿìêàìè

ANALYSIS OF LEGAL ASPECTS OF GDPR IMPLEMENTATION IN INTERNATIONAL COMPANIES
 
03.06.2024 13:37
Author: Vladyslav Drapii, Master of International Law, Partner, «Drapii, Skliarov and Partners” LLC, Kyiv, Ukraine
[Section 3. Civil and domestic law. Civil judicial law. Commercial law. Housing right. Obligation law. International private law. Labour law and public guarantee law]


In today's environment of business digitalization and the rapid increase in the use of digitalization tools in the processing of personal data, both professional and personal, leads to an increase in the risk of personal data protection and confidentiality, as well as its theft by fraudsters and hackers via the Internet. The transition of companies to the digital space creates new risks and challenges for the protection of personal data. Therefore, the implementation of the General Data Protection Regulation (hereinafter – GDPR) in the operation of enterprises is becoming increasingly relevant and necessary. 

The issue of implementation of GDPR in the operation of enterprises has been studied by Ukrainian researchers, such as O. I. Urtaiev [1] and O. Ye. Lutsenko [2], who proved that the implementation of the GDPR in the functioning of Ukrainian enterprises is a necessary condition for Ukrainian enterprises to reach the European level. However, so far researchers have not studied the aspects of the implementation of the GDPR in Ukrainian enterprises, which are international companies. Therefore, this article aims to fill this knowledge gap. Thus, the purpose of the article is to analyze the legal aspects of GDPR implementation in international companies.

In 2018, GDPR came into force, which is a regulation within the legislation of the European Union on the protection of personal data of all individuals within the European Union and the European Economic Area. It is important to understand that international companies located outside the European Union (hereinafter referred to as the EU) must also comply with the basic rules of the GDPR, which directly affects Ukrainian companies. This law has six main data protection principles, as shown in Table 1.

Table 1

Key GDPR data protection principles




Source: created by the author based on [3]

Analyzing the data shown in Table 1, we can conclude that although the law is based on six main principles, its core is data protection, which is ensured by transparency and accountability [3]. On the one hand, the law improves the protection of data subjects' privacy and facilitates the work of organizations and companies by clarifying rules, more specific requirements and even direct instructions on how to apply the provisions. On the other hand, the new GDPR obligations introduce significant changes to the way companies operate in terms of privacy protection. All companies that work with the personal data of EU residents or monitor the behavioral data of individuals in the EU, regardless of their location, are subject to the GDPR. This means that non-EU companies and international companies must comply with both national laws and the GDPR.

The unilateral exercise of EU jurisdiction in certain data protection situations has implications for global companies, governments, and internet users. Analyzing the legal requirements for GDPR implementation for international companies, it can be concluded that EU data protection principles have migrated abroad, becoming the basis for, and even forcing changes in, the data protection practices of international and non-EU companies, as well as the laws and practices of third countries, depending on the EU's regulatory socialization and bargaining power. EU data protection law, strengthened by its extraterritorial application, has become a global source of inspiration. The main incentive for third countries and operators to adopt data protection standards equivalent to those of the EU remains the fear of losing access to the EU market. Regardless of the reason for adoption, the EU's extraterritoriality shapes global data protection standards. data protection. The normative question remains as to how aggressively the EU should impose its data protection laws on foreign service providers or third countries [4].

It is also important to note the challenges that international companies face in implementing the GDPR. While a fundamental rights-based interpretation of data protection legislation may be positive from the perspective of an EU citizen or resident, it may create an additional and potentially unwanted burden for EU policymakers. Such interpretations put pressure on EU institutions not to neglect the data protection of EU residents when concluding data transfer agreements with third countries or when allowing foreign operators to conduct commercial activities in the EU market [4]. As legal texts and other documents of international companies are open to interpretation, it is of paramount importance to seek legal advice on their interpretation in order to obtain a correct and clear explanation. The GDPR and its implementation are no exception. Since the legal aspects are multifaceted, detailed preparation of documents is one of the keys to effective operation, as they must fully comply with GDPR requirements. Detailed and systematic documentation is a prerequisite to protect data confidentiality and ensure transparency in the event of an audit by supervisory authorities. In addition, the challenge for international companies is to strike a balance between the right to data protection and the preservation of other fundamental rights (Figure 1).

  

Figure 1. Tensions between data protection law and other rights

Source: created by the author based on [5]

In addition, the right to privacy conflicts with the Data Protection Act. These circumstances significantly complicate the implementation of data protection law. Therefore, in order to effectively navigate the legal aspects, international companies must skillfully manage the requirements of the GDPR in combination with other legal and regulatory frameworks [5]. 

Thus, analyzing all the above aspects, we can conclude that the GDPR is not a burden for international companies, but a significant opportunity to improve their performance. The GDPR goes beyond the current legislation and requires higher standards for data processing organizations, but these higher standards are philosophically consistent with best practices and ethical approaches. Organizational arrangements must be more efficient and effective, but the GDPR builds on the transparency and trust enshrined in national and international codes and best practices that put the interests of research participants first.

References:

1. Urtaiev O. I. Implementation of the GDPR rules as an important factor in the entry of Ukrainian companies to the EU market. Scientific Notes of the International Humanitarian University. 2023. No. 39. P. 17-20. URL: https://doi.org/10.32782/2663-5682/2023/39/04 (date of access: 31.05.2024).

2. Lutsenko O. Y. Legal regulation of the protection of personal data of employees under the GDPR. Law and Society. 2023. Vol. 2, no. 2. P. 134-141. URL: https://doi.org/10.32842/2078-3736/2023.2.2.20 (date of access: 31.05.2024).

3. General Data Protection Regulation (GDPR). 2018. Intersoft Consulting. URL:  https://gdpr-info.eu/  (date of access: 31.05.2024).

4. Ryngaert C., Taylor M. The GDPR as Global Data Protection Regulation?. AJIL Unbound. 2020. Vol. 114. P. 5-9. URL: https://doi.org/10.1017/aju.2019.80 (date of access: 31.05.2024).

5. Smirnova Y., Travieso-Morales V. Understanding challenges of GDPR implementation in business enterprises: a systematic literature review. International Journal of Law and Management. 2024. Vol. 66 No. 3. P. 326-344. URL: https://doi.org/10.1108/ijlma-08-2023-0170 (date of access: 31.05.2024).



Creative Commons Attribution Öÿ ðîáîòà ë³öåíçóºòüñÿ â³äïîâ³äíî äî Creative Commons Attribution 4.0 International License

äîïîìîãàÇíàéøëè ïîìèëêó? Âèä³ë³òü ïîìèëêîâèé òåêñò ³ íàòèñí³òü Ctrl + Enter




 ²íø³ íàóêîâ³ ïðàö³ äàíî¿ ñåêö³¿
ÏÐÎÖÅÑÓÀËÜÍÎ-ÏÐÀÂÎÂÈÉ ÌÅÕÀͲÇÌ ÇÀÕÈÑÒÓ ÏÎÐÓØÅÍÈÕ ÏÐÀ ÒÀ ÇÀÊÎÍÍÈÕ ²ÍÒÅÐÅѲ Ó×ÀÑÍÈʲ ÄÎÃβÐÍÈÕ ÇÅÌÅËÜÍÈÕ ÏÐÀÂβÄÍÎÑÈÍ Â ÖȲËÜÍÎÌÓ ÑÓÄÎ×ÈÍÑÒ² ÓÊÐÀ¯ÍÈ
13.06.2024 12:01
ÑÎÖ²ÀËÜÍÎ-ÏÐÀÂÎÂÅ ÇÍÀ×ÅÍÍß ÑÎÖ²ÀËÜÍÎÃÎ ÇÀÕÈÑÒÓ ÏÐÀÖ²ÂÍÈÊÀ Ó ÑÓ×ÀÑÍ²É ÏÐÀÂÎÂ²É ÄÅÐÆÀ²
13.06.2024 11:22
ÑÒÀÍ ÍÎÐÌÀÒÈÂÍÎ-ÏÐÀÂÎÂÎÃÎ ÇÀÁÅÇÏÅ×ÅÍÍß ÑÎÖ²ÀËÜÍί ÔÓÍÊÖ²¯ ÄÅÐÆÀÂÈ ÍÀ вÂͲ ªÂÐÎÏÅÉÑÜÊÎÃÎ ÑÎÞÇÓ
13.06.2024 11:18
ÎÑÎÁËÈÂÎÑÒ² ÑÓ×ÀÑÍÎÃÎ ÞÐÈÄÈ×ÍÎÃÎ ÌÅÕÀͲÇÌÓ ÑÎÖ²ÀËÜÍÎÃÎ ÇÀÕÈÑÒÓ
13.06.2024 11:15
ÏÐÎÂÀÄÆÅÍÍß ÇÁÀËÀÍÑÎÂÀÍί ÏÎ˲ÒÈÊÈ ÏÎÇÈÒÈÂÍί ¥ÅÍÄÅÐÍί ÄÈÑÊÐÈ̲ÍÀÖ²¯  ÑÈÑÒÅ̲ ÏÐÀÂÎÑÓÄÄß
13.06.2024 11:11
ÔÎÍβ ÄÅÑÒÐÓÊÒÈÂͲ ÔÀÊÒÎÐÈ, ßʲ ÎÁÓÌÎÂËÞÞÒÜ ÊÀÄÐÎÂÓ ÊÐÈÇÓ Ó ÑÈÑÒÅ̲ ÇÀÁÅÇÏÅ×ÅÍÍß ÑÎÖ²ÀËÜÍί ÁÅÇÏÅÊÈ ÄÅÐÆÀÂÈ
13.06.2024 11:07
ÕÀÐÀÊÒÅÐÈÑÒÈÊÀ ÄÅÑÎÖ²À˲ÇÀÖ²¯ ÑÔÅÐÈ ÏÐÀÖ²
13.06.2024 11:02
ÒÅÎÐ²ß ÏÐÈÍÖÈϲ ÖȲËÜÍÎÃÎ ÑÓÄÎ×ÈÍÑÒÂÀ  ÓÊÐÀ¯Í²: ÎÑÍÎÂͲ ÇÄÎÁÓÒÊÈ ÒÀ ÏÅÐÑÏÅÊÒÈÂÈ
07.06.2024 13:00
ÀÍÀË²Ç ÑÏÅÖÈÔ²ÊÈ ÑÓÁ’ªÊҲ ÂËÀÄÍÈÕ ÏÎÂÍÎÂÀÆÅÍÜ Ó ÑÔÅв ÐÅÀ˲ÇÀÖ²¯ ÑÎÖ²ÀËÜÍÈÕ ÏÐÀ ÄÅÐÆÀÂÍÈÕ ÑËÓÆÁÎÂÖ²Â
07.06.2024 12:52




© 2006-2024 All Rights Reserved At use of data from the site, the reference to the www.lex-line.com.ua is obligatory!


Íàóêîâà ñï³ëüíîòà - ³íòåðíåò êîíôåðåíö³¿
̳æíàðîäíà ³íòåðíåò-êîíôåðåíö³ÿ ç åêîíîì³êè, ³íôîðìàö³éíèõ ñèñòåì ³ òåõíîëîã³é, ïñèõîëî㳿 òà ïåäàãîã³êè
Íàóêîâ³ êîíôåðåíö³¿
Àêòóàëüí³ äîñë³äæåííÿ ïðàâîâî¿ òà ³ñòîðè÷íî¿ íàóêè. Þðèäè÷íà ë³í³ÿ
 Ãîëîñóâàííÿ 
Ç ÿêèõ äæåðåë Âè ä³çíàëèñü ïðî íàøó êîíôåðåíö³þ:

ñîö³àëüí³ ìåðåæ³;
³íôîðìóâàííÿ åëåêòðîííîþ ïîøòîþ;
ïîøóêîâ³ ³íòåðíåò-ñèñòåìè (Google, Yahoo, Meta, Yandex);
³íòåðíåò-êàòàëîãè êîíôåðåíö³é (science-community.org, konferencii.ru, vsenauki.ru, ³íø³);
íàóêîâ³ ï³äðîçä³ëè ÂÓdzâ;
ïîðåêîìåíäóâàëè çíàéîì³.
ç ÑÌÑ ïîâ³äîìëåííÿ íà ìîá³ëüíèé òåëåôîí.


Ðåçóëüòàòè ãîëîñóâàíü Äîêëàäí³øå