"I was pleased to see that the new journal is aimed at managers in the field to better understand the benefits of supply chain management thinking. The journal is focused on delivering these developing best practices to practicing managers. There is a vast gulf between academic’s theory and managerial practice [and] your journal should be a timely addition."
The General Data Protection Regulation: A Myth-buster
Journal:
Click the button below to download the full text of the article.
Abstract: The General Data Protection Regulation1 (GDPR) is an undeniably complex piece of legislation. Privacy professionals everywhere, the present authors included, have a lot to learn and — thankfully — there have been many excellent articles written on the topic. For the most part, these focus on the changes that the GDPR will bring about and, specifically, the compliance actions that organisations must take. By contrast, less has been said about what the new law will not require. This might sound unsurprising (why would anyone want to know about things they do not need to do?) but it is important to remember that, during the course of its adoption, the text of the GDPR changed many times. As a result, some provisions that were originally proposed were dropped from the final law (or otherwise changed beyond recognition), and this inevitably created a certain amount of confusion. Then throw in a sprinkling of occasional misreporting, together with a chain of misinterpretations, and suddenly knowing what the law does not require becomes almost as important as knowing what it does require. Below, this paper sets out — in no particular order — a few of the most common misconceptions regarding the GDPR.
Keywords: GDPR, data protection, regulation, compliance