This assignment outlines the possibility of creating a GDPR-style policy in the United States. It covers the background on GDPR, US legal privacy policies, relevant internal and external challenges for US businesses, and solutions for internal operating challenges. Additionally, it discusses the op...
Executive summary
Personal data is today considered one of the most valuable resources in the world. Due to globalization, personal data is not only generated at an incredible rate and volume, it is also collected, processed, and stored to a large extent. However, the latter activities have not been adequately regulated by lawmakers, leading to several data breaches through theft and misuse. This has led consumers to demand more transparency and accountability in the handling of their data.

In May 2018, the European Union enacted the General Data Protection Regulation (GDPR) to provide European Union (EU) residents with greater control over their data. The GDPR established clear guidelines for companies and organizations on how EU data should be collected, processed, and stored. The rigorous GDPR attracted the immediate attention of countries around the world that tried to replicate it in their territories. For instance, in the United States (US), a debate started on whether a GDPR-style regulation would be the right data policy model to implement.

However, a replication of the GDPR in the US poses as many challenges as opportunities for US businesses, citizens, and government. At the internal level, US businesses, especially small and medium-sized companies, would face considerable financial constraints in implementing the processes and tools necessary to comply with a GDPR-style regulation, further increasing uncertainty and complexity. At the market level, the high cost of complying with a GDPR-style regulation might greatly raise barriers to market entry, as well as reduce competition and innovation in the market. On the other hand, the benefits at the internal level are greater customer confidence through best practices in data handling, and improvements in IT systems that contribute to cost savings in operations. At the market level, the United States would benefit from the unification of its sector-specific national privacy laws and from improved transatlantic data exchange and cooperation with the European Union.

After assessing the challenges and opportunities, the United States should not establish GDPR-like regulation on its territory, as its legal and market context differs greatly from that of the EU. However, it is recommended that the United States unify its national industry-specific data privacy and data protection policies at the federal level, and ultimately decide on an adequate level of compliance stringency that does not create undue barriers.
List of Figures
Figure 1: The eight fundamental user rights under the GDPR
Figure 2: US-EU Trade of Information and Communication Technology as of 2018
Figure 3: US Online survey results on data protection
Figure 4: State of GDPR compliance as of June 2018
Figure 5: US firms’ action plan to comply with GDPR as of August 2018
List of Abbreviations
AMS Access Management System
CCPA California Consumer Privacy Act
CMS Consent Management Platform
COPPA Children’s Online Privacy Protection Act
CRM Customer Relationship Management
DPO Data Protection Officer
EU European Union
FOM Hochschule für Ökonomie und Management
GDPR General Data Protection Regulation
GLB Gramm-Leach-Bliley
HIPAA Health Coverage Availability and Affordability Act
IT Information Technology
KPIs Key Performance Indicators
OPPA California Online Privacy Protection Act
PwC Price Waterhouse Coopers
ROI Return on Investment
ROT Redundant, obsolete, and trivial
SMEs Small and medium enterprises
US United States
Table of Contents
Executive summary ........................................................................................................... ii
List of Figures ..................................................................................................................iii
List of Abbreviations........................................................................................................ iv
1 Introduction .................................................................................................................... 1
1.1 Background on GDPR ............................................................................................ 1
1.2 Objectives ................................................................................................................ 2
1.3 Key concepts ........................................................................................................... 3
2 Methodology .................................................................................................................. 3
2.1 Research design ....................................................................................................... 3
2.2 Data collection ........................................................................................................ 4
3 Thematic Analysis .......................................................................................................... 4
3.1 The migration from Directive to GDPR ................................................................. 4
3.2 Reasons for the implementation of the GDPR ........................................................ 4
3.2.1 Data breaches and lack of enforcement ........................................................... 4
3.2.2 Technological advances ................................................................................... 5
4 Background on US legal privacy policies ...................................................................... 5
4.1 US citizens’ perspective towards GDPR-like implementation ............................... 8
4.2 US companies’ perspective towards GDPR-like implementation .......................... 9
5 Relevant internal and external challenges for US businesses ...................................... 11
5.1 The right of access to personal information .......................................................... 11
5.2 The right to be forgotten ....................................................................................... 12
5.3 The right to data portability .................................................................................. 12
5.4 GDPR provisions’ length ...................................................................................... 13
5.5 Team training & allocation of the Data Protection Officer................................... 13
5.6 Competition, innovation, and free trade ................................................................ 13
6 Solutions for internal operating challenges .................................................................. 14
6.1 Automated query system ....................................................................................... 14
6.2 Consent management platform ............................................................................. 14
6.3 Access management system .................................................................................. 15
6.4 Incident management platform ............................................................................. 15
7 Opportunities/Benefits for US businesses ................................................................... 16
7.1 Higher consumer confidence................................................................................. 16