Best_Grade_GDPR-style Privacy Law in the USA_Assignment_MBA
Course
1585 (BUSINESS)
Institution
FOM Hochschule Für Oekonomie Und Management
This assignment outlines the possibility of creating a GDPR-style policy in the United States. It covers the background on GDPR, US legal privacy policies, relevant internal and external challenges for US businesses, and solutions for internal operating challenges. Additionally, it discusses the op...
Executive summary
Personal data is considered today as one of the most valuable resources in the world. Due
to globalization, personal data is not only generated at an incredible rate and volume, it is
also collected, processed, and stored to a large extent. However, the latter actions have
not been adequately regulated by lawmakers, leading to several data breaches through
theft and misuse. This has led consumers to demand more transparency and accountability
in handling data.
In May 2018, the European Union enacted the General Data Protection Regulation
(GDPR) to provide European Union (EU) residents with greater control over their data.
The GDPR established clear guidelines for companies and organizations on how EU data
should be collected, processed, and stored. The rigorous GDPR attracted the immediate
attention of countries around the world that tried to replicate it in their territories. For
instance, in the United States (US), a debate started on whether a GDPR-style regulation
would be the right data policy model to be implemented.
However, a replication of GDPR in the US poses as many challenges as opportunities for
US businesses, citizens, and government. At the internal level, US businesses, especially
small and medium-sized companies, would face considerable financial constraints in
implementing the processes and tools necessary to be compliant with GDPR-style
regulation, further increasing uncertainty and complexity. At the market level, the high
costs of complying with GDPR-style regulation might greatly increase barriers to market
entry, as well as decrease competition and innovation in the market. On the other hand,
the benefits at the internal level are greater customer confidence through best practices in
data handling, and an improvement in IT systems that contribute to cost savings in
operations. At the market level, the United States would benefit from the unification of
its sector-specific national privacy laws and improved transatlantic data exchange and
cooperation with the European Union.
After assessing the challenges and opportunities, this assignment concludes that the
United States should not establish a GDPR-like regulation on its territory, as its legal and
market context differs greatly from that of the EU. However, it is recommended that the
United States unify its national industry-specific data privacy and data protection policies
at the federal level, and ultimately decide on an adequate level of compliance stringency
that does not create undue barriers.
List of Figures
Figure 1: The eight fundamental user rights under the GDPR
Figure 2: US-EU Trade of Information and Communication Technology as of 2018
Figure 3: US Online survey results on data protection
Figure 4: State of GDPR compliance as of June 2018
Figure 5: US firms’ action plan to comply with GDPR as of August 2018
List of Abbreviations
AMS Access Management System
CCPA California Consumer Privacy Act
CMS Consent Management Platform
COPPA Children’s Online Privacy Protection Act
CRM Customer Relationship Management
DPO Data Protection Officer
EU European Union
FOM Hochschule für Ökonomie und Management
GDPR General Data Protection Regulation
GLB Gramm-Leach-Bliley
HIPAA Health Coverage Availability and Affordability Act
IT Information Technology
KPIs Key Performance Indicators
OPPA California Online Privacy Protection Act
PwC Price Waterhouse Coopers
ROI Return on Investment
ROT Redundant, obsolete, and trivial
SMEs Small and medium enterprises
US United States
Table of Contents
Executive summary
List of Figures
List of Abbreviations
1 Introduction
1.1 Background on GDPR
1.2 Objectives
1.3 Key concepts
2 Methodology
2.1 Research design
2.2 Data collection
3 Thematic Analysis
3.1 The migration from Directive to GDPR
3.2 Reasons for the implementation of the GDPR
3.2.1 Data breaches and lack of enforcement
3.2.2 Technological advances
4 Background on US legal privacy policies
4.1 US citizens’ perspective towards GDPR-like implementation
4.2 US companies’ perspective towards GDPR-like implementation
5 Relevant internal and external challenges for US businesses
5.1 The right of access to personal information
5.2 The right to be forgotten
5.3 The right to data portability
5.4 GDPR provisions’ length
5.5 Team training & allocation of the Data Protection Officer
5.6 Competition, innovation, and free trade
6 Solutions for internal operating challenges
6.1 Automated query system
6.2 Consent management platform
6.3 Access management system
6.4 Incident management platform
7 Opportunities/Benefits for US businesses
7.1 Higher consumer confidence
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller jospisfil. Stuvia facilitates payment to the seller.