The Incorporation of GDPR

The European Union is one of the most prominent "sui generis" international organizations and is governed by a number of Conventions and Treaties that impose legal obligations on its member nations in particular domains (Official Journal of the EU, 2021). In instances of conflict, these instruments often prevail over national legal systems. Consequently, national legislative systems are united and, in certain cases, consolidated. In response to the fast development of new technologies, EU legislators have recently changed EU data protection regulations to give European individuals greater authority to assert their rights surrounding the processing of their personal information.

According to the Council of the EU (8 April, 2016), the adoption of the General Data Protection Regulation (GDPR) was the centerpiece of these initiatives. Its wording was finalized on April 8, 2016, and accepted by the European Parliament on April 14. According to the European Data Protection Supervisor (25 May, 2018), it was subsequently adopted on April 27, 2016, went into effect on May 24, 2016, and came into force on May 25, 2018. In addition to offering European people greater control over their data protection rights, the GDPR combines the data protection systems of the 28 Member States.

In the last decade, the Data Protection (DP) Regulation of the European Union has undergone a major shift. The rapid development of new technologies and the outcomes of their application, the fast expansion of social networking, and the computerized connectivity of public services have all affected the social, legal, economic, and political domains. Governments, police, and other public entities acquire and handle data posted by internet users for legitimate security purposes. As a consequence of the necessity to combat terrorist threats, the gathering and categorization of information and data about the lives and actions of residents has expanded substantially. The public and private sectors manage personal data in a faceless and depersonalized way, which is highly uncomfortable and usually malevolent.

The implementation of the General Data Protection Regulation in EU member states heralds the arrival of legal rights for data subjects in an era dominated by data. Nonetheless, the successful protection of personal data and the rights of natural people relies not only on the legal framework, but also on the data subjects' understanding of these rights, who must also assume personal responsibility for the protection of personal data.

According to the Official Journal of the EU (27 April, 2016), the EU General Data Protection Regulation (GDPR), which was established by regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, aims to ensure a high level of protection for personal data in all EU member states by establishing standards that are directly applicable to the processing of personal data and, as a result, harmonizing the legal framework. According to the European Commission (10 January, 2017), data may cross EU internal borders provided the planned processing conforms with the GDPR's general criteria, since this does not constitute an international data transfer. Based on recital 10 of GDPR, to promote data sharing inside the EU, a consistent degree of personal data protection and the elimination of impediments to data flows are essential (European Commission, 2019).

The European Commission (2018) claims that in Greece, the General Data Protection Regulation 2016/679/EU creates a digital environment where companies and organizations may more effectively track, safeguard, and manage data. In compliance with GDPR, robust security measures must be in place to secure the data being processed. For instance, all public and private libraries, including the National Library of Greece, must comply with GDPR rules for the protection of personal data. To comply with GDPR rules and guarantee the effective protection of stored special categories of data and personal data, robust security measures must be installed. Kantarcioglu et al. (2016) claim that, in accordance with the most current advancements in cyber security, network security solutions now combine machine learning and big data analytics, which have resulted in enhanced procedures and better outcomes.

Therefore, regulation of emerging technology is more vital than ever. According to A. Papadopoulos (2020), it is difficult for regulators to strike a balance between responsible innovation and the deployment of technology for the public good. Based on the European Commission (2017), the cross-border movement of goods and services (both private and public) necessitates the harmonization (and in many instances, unification) of national legal frameworks and the coordination of self-restraint mechanisms across Member States.

Under Article 33 of the GDPR, in the case of a data breach, the data controller must inform the supervisory authority within 72 hours. By doing so, firms face the danger of losing authentic data, sustaining reputational damage, and perhaps incurring GDPR penalties. Due to the enormous costs associated with data breaches, businesses and organizations are actively encouraged to employ security by design to reduce expenditures in their IT security infrastructure and protect their data (IBM Security, 2017; IBM Security, 2019).

From the above, it is apparent that for firms to minimize risk surrounding GDPR, they need to adopt "technical precautions." According to the European Commission (2016), the legislative reference to "technical measures" in Regulation 2016/679/EU refers to the functions, processes, controls, systems, procedures, and policies that are in place to maintain and protect a company's sensitive data and private information.

But how can success be achieved in the most effective manner? The best course of action, according to Vavousis et al. (2020), is to conduct vulnerability assessments and penetration testing on the network and all of its components, including servers, routers, switches, and endpoints. Moreover, risk assessments will enable the identification of any gaps in all processing operations, the greatest dangers concerning personal data, and the necessary safeguards to be implemented.

References

  1. Baldassarre, M.T., Santa Barletta, V., Caivano, D., Raguseo, D. and Scalera, M., 2019, February. Teaching Cyber Security: The HACK-SPACE Integrated Model. In ITASEC.
  2. C. of the E. (2016) Data protection reform: Council adopts position at first reading - Consilium. Data protection reform: Council adopts position at first reading - Consilium. [online]. Available from: https://www.consilium.europa.eu/en/press/press-releases/2016/04/08/data-protection-reform-first-reading/ [Accessed September 18, 2022].
  3. Commission, E. (2019) 2_EN_ACT_part1_v4.docx. 2_EN_ACT_part1_v4.docx. [online]. Available from: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52019DC0250&rid=2 [Accessed September 18, 2022].
  4. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, p. 31–50, available at URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:31995L0046 (last check, April 30, 2020); No longer in force, Date of end of validity: 24/05/2018; Repealed by Regulation (EU) 2016/679.
  5. Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC, OJ L 130, 17.5.2019, p. 92–125, available at URL: https://eur-lex.europa.eu/eli/dir/2019/790/oj
  6. Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonization of certain aspects of copyright and related rights in the information society, OJ L 167, 22.6.2001, p. 10–19, available at URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32001L0029 (last check, April 30, 2020); consolidated text of this Directive 2001/29/EC can be found at URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02001L0029-20190606 (last check, April 30, 2020)
  7. E.D.P.S. (2018) The History of the General Data Protection Regulation | European Data Protection Supervisor. European Data Protection Supervisor. [online]. Available from: https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en [Accessed September 18, 2022].
  8. European Commission, 2018, The GDPR: new opportunities, new obligations, Luxembourg: Publications Office of the European Union, available at URL: https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-sme-obligations_en.pdf (last check, April 30, 2020).
  9. Grigoriadis, L.G. (2017) Cybersecurity Insurance and New EU Cybersecurity and Data Protection Rules. Business Law Review. 38(Issue 6), 210–218. [online]. Available from: https://dx.doi.org/10.54648/bula2017032 .
  10. Kantarcioglu, M., Xi, B., 2016, Adversarial Data Mining: Big Data Meets Cyber Security, CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Pages 1866–1867, October 2016.
  11. Papadopoulos, Α., 2020. The implementation of the General Data Protection Regulation (GDPR) in the EU and Greece: procedures, risks, challenges and impacts in the context of good governance.
  12. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1–88, available at URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679 (last check, April 30, 2020)
  13. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L 119/1. Available at: https://eurlex.europa.eu/eli/reg/2016/679/oj (last accessed on 19th July 2020)
  14. Renna, M., 2019. Data breach disclosure duties. Eur. J. Privacy L. & Tech., p.79.
  15. Vavousis, K., Papadopoulos, M., Polley, J. and Xenakis, C., 2020. A compliant and secure IT infrastructure for the National Library of Greece in consideration of internet security and GDPR. Qualitative and Quantitative Methods in Libraries, 9(2), pp.219-236.
  16. Vavousis, K., 2021. User and infrastructure security and privacy with regard to compliance.

Stella Gkogka

Order and Logistics Coordinator | MA in Human Resources Management

2 years ago

Thank you for sharing such an interesting article Anna. The protection of personal data constitutes a very sensitive topic which needs to be approached carefully.

Anastasia Iliopoulou

Talent Management Specialist at Domes Resorts

2 years ago

Great article Anna accompanied by an extensive analysis regarding the GDPR rules. Thank you for sharing!

Paraskevi Gkiorgki

Human Resources Specialist

2 years ago

Very interesting article Anna! GDPR is an opportunity to build trust!

Konstantina Antonopoulou

Associate at PwC Greece | Payroll & Benefits Solutions

2 years ago

Very thorough research, Anna! Thank you for sharing!

Sophia Perperidou

2 years ago

That was a very detailed article Anna, congrats. By protecting consumers' privacy, organizations not only avoid potential penalties, but they can also unlock hidden reputational and brand value. As consumers become savvier and more aware of privacy concerns, they will seek out companies that take privacy seriously.
