eprintid: 326
rev_number: 16
eprint_status: archive
userid: 64
dir: disk0/00/00/03/26
datestamp: 2021-01-27 17:13:53
lastmod: 2021-02-05 12:35:06
status_changed: 2021-01-27 17:13:53
type: thesis
metadata_visibility: show
creators_name: Falayi, Pretty
corp_creators: Sana Khan
title: GDPR & Data Privacy: Impact of Data Protection in Irish Small and Medium-Sized Enterprises (SMEs).
ispublished: submitted
subjects: H1
subjects: HM
subjects: K1
divisions: MSIBL
full_text_status: public
keywords: Data privacy and protection, General Data Protection Regulation (GDPR)
abstract: Data privacy and protection is a concept which is developing due to the fast-paced evolution of information technology. The substantial reliance on technology especially due to the COVID-19 pandemic has peaked considerably. However, data protection laws such
as the General Data Protection Regulation (GDPR) is enforced to issue penalties in the event of any data breaches. Since the enforcement of the GDPR, all businesses have been mandated to implement the guidelines into their operations. However, the focus for the
GDPR implementation and compliance have been majorly on large companies who are high regulators of data collection, processing, harvesting and storage. These large companies have contributed to a series of data breaches and violation of data privacy and protection laws put in place to curb such occurrences.
The question therein lies about the state of implementation and compliance of small and medium sized businesses in Ireland. There is minimal attention on Irish SMEs to implement and comply with the GDPR. This study focuses on the impact, challenges and compliance
of Irish SMEs in relation to data privacy and protection. It explores the importance of cyber and digital security to these businesses in relation to securing the personal data of their customers, employees and the business. It also portrays the opinions of the Irish SMEs about the General Data Protection Regulations and its relevance to their business operational standards. This study also presents the data analysis and findings derived
from the interviews granted by willing Irish business representatives, managers and owners. It shares their perspectives and what they have experienced with the GDPR
implementation and compliance. These perspectives were critically examined and evaluated for the purpose of this study.
date: 2020-05-29
date_type: submitted
institution: Griffith College.
department: Graduate Business School: MSc in International Business and Law
thesis_type: masters
referencetext: REFERENCES:


Ashford, W. (2016) ‘Organisations Make Data Protection an Investment Priority
Ahead of GDPR’. Computer Weekly, pp. 4–6. Available at:
http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=11460
2126&site=ehost-live (Accessed: 14 December 2019).

Beduschi, A. (2019) ‘Digital Identity: Contemporary Challenges for Data Protection,
Privacy and Non-Discrimination Rights’. Big Data & Society, 6(2), p.
2053951719855091. DOI: 10.1177/2053951719855091.

Ben Wolford (2019) Do Consumers Know Their GDPR Data Privacy Rights?
GDPR.eu. Available at: https://gdpr.eu/consumers-gdpr-data-privacy-rights/
(Accessed: 17 May 2020).

Ben Wolford (2019) Millions of Small Businesses Aren’t GDPR Compliant, Our
Survey Finds. GDPR.eu. Available at: https://gdpr.eu/2019-small-businesssurvey/ (Accessed: 17 May 2020).

Brown, B.J. and Baker, S. (2007) Philosophies of Research into Higher Education.
[Ebook] Bloomsbury Publishing. Available at: Available at:
https://www.perlego.com/book/805633/philosophies-of-research-intohigher-education (Accessed: 6 May 2020).

Canepari, M. (2015) An Introduction to Discourse Analysis and Translation Studies.
[Ebook] EDUCatt. Available at: Available at:
https://www.perlego.com/book/1084888/an-introduction-to-discourseanalysis-and-translation-studies (Accessed: 22 May 2020).

Cardoso, J., Lopes, R. and Poels, G. (2014) ‘Conceptual Frameworks’. SpringerBriefs
in Computer Science, (9783319108124), pp. 15–33. DOI: 10.1007/978-
3-319-10813-1_2.

Christian Kurtz, U. of H., Martin Semmann, U. of H. and Tilo BÃ\Phmann, U. of H.
(2018) ‘Privacy by Design to Comply with GDPR: A Review on Third-Party

Data Processors’. INFORMATION SYSTEMS SECURITY AND PRIVACY
(SIGSEC), p. 10. Available at:
https://aisel.aisnet.org/amcis2018/Security/Presentations/36/.

Digital Rights Ireland Ltd -v- Minister for Communication & Ors [2010] IEHC 221.
(2010) (2006 3785 P) Digital Rights Ireland Ltd -v- Minister for

Communication & Ors [2010] IEHC 221. Available at:
http://www.bailii.org/ie/cases/IEHC/2010/H221.html (Accessed: 12
December 2019).

DPC (2019) ‘Data Protection Commission Annual Report 25 May-31 December
2018’. Available at:
https://www.dataprotection.ie/sites/default/files/uploads/2019-
03/DPC%20Annual%20Report%2025%20May%20-
%2031%20December%202018.pdf (Accessed: 18 May 2020).

EDPS. (2020) EPrivacy Directive. European Data Protection Supervisor - European
Data Protection Supervisor. Available at: https://edps.europa.eu/dataprotection/our-work/subjects/eprivacy-directive_en (Accessed: 16 May
2020).

EDPS. (2016) European Data Protection Supervisor (EDPS). European Union.
Available at: https://europa.eu/european-union/about-eu/institutionsbodies/european-data-protection-supervisor_en (Accessed: 18 May 2020).

El-Leithy, K. (2020) COVID-19 and Data Protection Compliance | White & Case LLP.
White & Case LLP. Available at:
https://www.whitecase.com/publications/alert/covid-19-and-dataprotection-compliance (Accessed: 5 May 2020).

European Commission. (2017) Proposal for an EPrivacy Regulation. Shaping
Europe’s digital future - European Commission. Available at:
https://ec.europa.eu/digital-single-market/en/proposal-eprivacy-regulation (Accessed: 17 May 2020).

European Union (2019) EU DATA PROTECTION RULES. Available at:
https://ec.europa.eu/commission/sites/betapolitical/files/eu_data_protection_rules_-
_main_takeways_for_the_future.pdf (Accessed: 20 October 2019).

European Union. (2018) ‘Regulation (EU) 2016/679 on the Protection of Natural
Persons with Regard to the Processing of Personal Data and on the Free
Movement of Such Data (General Data Protection Regulation – GDPR)’.
International and European Labour Law, 2014(October 1995), pp. 958–981. DOI: 10.5771/9783845266190-974.

European Union and Agency for Network and Information Security (2016)
Guidelines for SMEs on the Security of Personal Data Processing. Available
at: http://dx.publications.europa.eu/10.2824/867415 (Accessed: 30 April2020).

Galli, F. (2016) ‘Digital Rights Ireland as an Opportunity to Foster a Desirable
Approximation of Data Retention Provisions’. Maastricht Journal of
European and Comparative Law, 23(3), pp. 460–477. DOI:10.1177/1023263X1602300305.

GDPR.EU. (2018) Art. 4 GDPR - Definitions. GDPR.eu. Available at:
https://gdpr.eu/article-4-definitions/ (Accessed: 12 May 2020).
Jackson, O. (2018) ‘Many Small Firms Are Still Unprepared for GDPR’. International
Financial Law Review, pp. 1–1.

Jardine, E. (2018) ‘Privacy, Censorship, Data Breaches and Internet Freedom: The
Drivers of Support and Opposition to Dark Web Technologies’. New Media
& Society, 20(8), pp. 2824–2843. DOI: 10.1177/1461444817733134.

Jørgensen, M.W. and Phillips, LJ. (2002) Discourse Analysis as Theory and Method.
SAGE Publications [Ebook] Available at: Available at:
https://www.perlego.com/book/861080/discourse-analysis-as-theory-andmethod (Accessed: 22 May 2020).

Kaan, T. S. and Ho, C. W. (2013) Genetic Privacy: An Evaluation of The Ethical and
Legal Landscape: An Evaluation of the Ethical and Legal Landscape. [Ebook]
Imperial College Press. Available at: Available at:
https://www.perlego.com/book/839770/genetic-privacy-an-evaluation-ofthe-ethical-and-legal-landscape (Accessed: 12 May 2020).

Kearney, S. (2019) ‘Gdpr: Privacy Considerations for the Digital Single Market’.
Journal of Internet Law, 22(8), pp. 16–21. Available at: 
http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=13461
9099&site=ehost-live (Accessed: 12 December 2019).

Lau, N. et al. (2018) ‘Human Factors in Cybersecurity – Perspectives from
Industries’. Proceedings of the Human Factors and Ergonomics Society
Annual Meeting, 62(1), pp. 139–143. DOI:10.1177/1541931218621032.

Leenes, R. et al. (2017) Data Protection and Privacy: The Age of Intelligent
Machines. [Ebook] Bloomsbury Publishing Available at: Available at:
https://www.perlego.com/book/809079/data-protection-and-privacy (Accessed: 12 May 2020).

Lindgren, P. (2018) ‘GDPR Regulation Impact on Different Business Models and
Businesses’. Journal of Multi Business Model Innovation and Technology,
4(3), pp. 241–254. DOI: 10.13052/jmbmit2245-456x.434.

Loveday, C. and Abraham, R. (2018) ‘The General Data Protection Regulation -
Another Key Compliance Area for Global Business’. Defense Counsel
Journal, 85(3), pp. 1–16. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=130846678&site=ehost-live (Accessed: 12 December 2019).

Martin, K.D., Borah, A. and Palmatier, R.W. (2017) ‘Data Privacy: Effects on Customer
and Firm Performance’. Journal of Marketing, 81(1), pp. 36–58. DOI:
10.1509/jm.15.0497.

Matzner, T. et al. (2016) ‘Do-It-Yourself Data Protection—Empowerment or
Burden?’ In Gutwirth, S. Leenes, R.and De Hert, P. (eds.) Data Protection on
the Move: Current Developments in ICT and Privacy/Data Protection. Law,
Governance and Technology Series. Dordrecht: Springer Netherlands, pp.277–305. DOI: 10.1007/978-94-017-7376-8_11.

Mortleman, J. (2018) ‘Why GDPR Is Great for SMEs’. Computer Weekly, pp. 17–21.
Available at: http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=127389473&site=ehost-live (Accessed: 14 December 2019).

Munn, L., Hristova, T. and Magee, L. (2019) ‘Clouded Data: Privacy and the Promise
of Encryption’. Big Data and Society, 6(1), pp. 1–16. DOI:10.1177/2053951719848781.

Opitz, E.L. (2018) ‘Cybersecurity for the Board of Directors of Small and Midsized
Businesses’. Board Leadership, 2018(159), pp. 4–5. DOI:10.1002/bl.30115.

Saunders, M., Lewis, P. and Thornhill, A. (2015) ‘Understanding Research
Philosophies and Approaches’. Research Methods for Business Students, 4, pp. 106–135.

Saunders, M. N.K., Thornhill, A. and Lewis, P. (2019) Research Methods for Business
Students. 8th ed. [Ebook] Pearson Available at: Available at:
https://www.perlego.com/book/971477/research-methods-for-businessstudents (Accessed: 8 May 2020).

Sharma, S. (2019) Data Privacy and GDPR Handbook. [Ebook] Wiley Available at:
Available at: https://www.perlego.com/book/1323927/data-privacy-andgdpr-handbook (Accessed: 9 May 2020).

Sirur, S., Nurse, J.R.C. and Webb, H. (2018) ‘Are We There yet? Understanding the
Challenges Faced in Complying with the General Data Protection Regulation (GDPR)’. Proceedings of the ACM Conference on Computer and
Communications Security, pp. 88–95. DOI: 10.1145/3267357.3267368.

Spinello, R.A. (2006) Cyberethics: Morality and Law in Cyberspace. revised. Jones &
Bartlett Learning Available at: https://books.google.ie/books?id=NEyg1T9-
dD0C&printsec=frontcover&dq=cyber+ethics&hl=en&sa=X&ved=0ahUKEw
i25JnUnonpAhWgSxUIHe8TAB0Q6AEIKDAA#v=onepage&q=cyber%20ethics&f=false (Accessed: 27 April 2020).

Sun, Y. et al. (2014) ‘Data Security and Privacy in Cloud Computing’. International
Journal of Distributed Sensor Networks, 10(7), p. 190-903. DOI:10.1155/2014/190903.

Usman, M. et al. (2019) ‘A Survey on Representation Learning Efforts in
Cybersecurity Domain’. ACM Computing Surveys, 52(6), pp. 1–28. DOI:10.1145/3331174.

Wilner, A.S. (2018) ‘Cybersecurity and Its Discontents: Artificial Intelligence, the
Internet of Things, and Digital Misinformation’. International Journal, 73(2), pp. 308–316. DOI: 10.1177/0020702018782496.

Wong, J.C. (2019) The Cambridge Analytica Scandal Changed the World – but It
Didn’t Change Facebook. Available at: https://www.theguardian.com/technology/2019/mar/17/the-cambridgeanalytica-scandal-changed-the-world-but-it-didnt-change-facebook (Accessed: 18 October 2019).

Zerlang, J. (2017) ‘GDPR: A Milestone in Convergence for Cyber-Security and Compliance’. Network Security, 2017(6), pp. 8–11. DOI: 10.1016/S1353-4858(17)30060-0.
citation:   Falayi, Pretty  (2020) GDPR & Data Privacy: Impact of Data Protection in Irish Small and Medium-Sized Enterprises (SMEs).  Masters thesis, Griffith College..   
document_url: http://go.griffith.ie/326/1/Pretty%20Falayi.pdf
document_url: http://go.griffith.ie/326/4/Pretty%20Falayi.txt