Making Sense of the General Data Protection Regulation—Four Categories of Personal Data Access Challenges

Grundstrom, Casandra
Väyrynen, Karin
Iivari, Netta
Isomursu, Minna
Journal Title
Journal ISSN
Volume Title
The General Data Protection Regulation (GDPR) was enforced in the pan-European area on May 25th, 2018. From the perspective of data access research, among others, this introduces significant changes into organizations and their practices. However, so far, there is limited research offering insights into such a new policy phenomenon for organizations from the perspective of access to personal data. This paper is based on an ethnographic study of a 2-day workshop in which five European insurance organizations came together to share the results of sensemaking in their organizations and knowledge around the GDPR. We examined how the participants interpreted the GDPR and the compliance challenges they faced. These challenges are categorized into four dimensions of personal data access, as follows: Procedure, Protection, Privacy, and Proliferation. These challenges are significant for any organization that acts as a processor and/or controller to consider.
Privacy and Economics, Internet and the Digital Economy, data access, GDPR, insurance organizations, personal data, sensemaking
Access Rights
Email if you need this content in ADA-compliant format.