Investigating Data Protection Compliance Challenges


Authors : Semiu Adebayo Oyetunji

Volume/Issue : Volume 9 - 2024, Issue 8 - August

Google Scholar : https://tinyurl.com/yc5ee7as

Scribd : https://tinyurl.com/5bue6cfp

DOI : https://doi.org/10.38124/ijisrt/IJISRT24AUG1583

Abstract : In today's landscape, safeguarding sensitive data is crucial for organizations, but navigating data protection regulations and ensuring compliance is increasingly challenging. This research project explores the hurdles organizations face in achieving data protection compliance, offering insights to develop more effective strategies. A survey via Google Forms gathered insights from data protection experts and professionals, revealing key challenges such as difficulty understanding complex regulations, limited resources, and obstacles in implementing compliance measures. The study also reviewed the existing data protection regulatory framework and relevant literature, uncovering a common theme of confusion and a gap between regulatory requirements and practical application across organizations. The research recognises that data protection extends beyond regulatory compliance, reflecting the evolving expectations of individuals and customers regarding the ethical handling of their data. This underscores the importance of data protection as both a legal and ethical responsibility closely tied to organisational reputation and public trust. The findings highlight the need for more precise, accessible guidelines and support mechanisms to bridge the gap between regulatory demands and organisational implementation. By addressing these challenges, organizations can strengthen their data protection measures, foster trust, and ensure the security of sensitive information.

