Making Sense of the General Data Protection Regulation—Four Categories of Personal Data Access Challenges

AbstractThe General Data Protection Regulation (GDPR) was enforced in the pan-European area on May 25th, 2018. From the perspective of data access research, among others, this introduces significant changes into organizations and their practices. However, so far, there is limited research offering insights into such a new policy phenomenon for organizations from the perspective of access to personal data. This paper is based on an ethnographic study of a 2-day workshop in which five European insurance organizations came together to share the results of sensemaking in their organizations and knowledge around the GDPR. We examined how the participants interpreted the GDPR and the compliance challenges they faced. These challenges are categorized into four dimensions of personal data access, as follows: Procedure, Protection, Privacy, and Proliferation. These challenges are significant for any organization that acts as a processor and/or controller to consider.


Return to previous page