Assignment: European GDPR
The European General Data Protection Regulation (GDPR) took effect on May 25, 2018, and will affect any firm or organization anywhere that maintains private information about European citizens or others resident in the EU.
The GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.
The GDPR establishes or enhances the following rights and responsibilities:
• Consent: Consent must be clear, distinguishable from all other matters, and as easy to withdraw as it is to give.
• Breach Notification: Notification becomes mandatory, within 72 hours, where a data breach is likely to "result in a risk for the rights and freedoms of individuals".
• Right to Access: Data subjects must be able to confirm "whether or not personal data concerning them is being processed, where and for what purpose", and get a copy of the data held.
• Right to be Forgotten: Also known as Data Erasure, the right to be forgotten "entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data". It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
• Privacy by Design: Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition. It also limits the access to personal data to those needing to act out the processing.
Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company's location. Thus it affects many if not all large commercial organizations based in the US, and most especially the large internet and social media firms that collect a lot of information about their users.
Your task is to compare this to the rather laissez-faire approach to privacy that exists in the US. The existing US laws present focused privacy requirements that apply to specific industries and selected bits of information, but no overall approach to privacy that applies to every organization operating here. The US also has no specific privacy laws directed at social media firms (Facebook, Pinterest, etc.) or at the customer relationship functionality within other organizations that use social computing techniques to research their customers or market their products. Thus many US organizations are free to collect as much information about individuals as they want, and use it in any way they find profitable.
Research this topic briefly, then write a 1000-1400 word essay comparing the two approaches, the US vs. the EU's GDPR, with a specific focus on how the collision between the two approaches affect a specific organization. Choose as your organization either 1) your current employer, 2) your most recent employer, 3) a large retailing firm such as Yum! Brands, or 4) the University of Denver. (Note that DU employs faculty who are EU citizens and welcomes EU residents as students, and is subject to the Family Educational Rights and Privacy Act (FERPA), the US law governing educational data.)
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also include a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also Include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.