GDPR Compliance: A review of central legal and economic issues from a business perspective

Martin Stål Axelgård Nielsen

Student thesis: Master thesis


As its title indicates, this master's thesis revolves around the newly adopted legislative initiative named the General Data Protection Regulation, known in short as GDPR. The thesis is divided into three parts: a legal part, an economic part, and finally a part that combines both legal and economic perspectives. The theme of each part is the decision making of the data controller. It is the job of companies that have data management as their business area to decide how to live up to the demands of this new legislation, and it is critical to evaluate the economic side of that decision. For some business processes it may prove expensive to be in compliance, but the company has no choice: it must either pay the price of compliance or not implement the business process in question.
In the decision-making process of the risk-neutral business executive, the decision not to comply with GDPR could also be part of the process. This would to some degree be decided by the data controller's level of risk-neutrality. In economic theory, the business is highly motivated by optimizing profit. In that case, the decision-making process could also include an evaluation of how much risk the specific business process involves in terms of being fined by the authorities. If non-compliance is part of the decision-making process, other factors such as fine size, cost of compliance, and higher turnover following non-compliance should also be included in the economic evaluation of non-compliance. The authorities sit on the other side of the table and have to evaluate their methods of controlling the environment of data treatment and exchange by setting fines. The assumption is that the higher the authorities' budget for control, the more the environment adapts to the legislation. However, in the case of GDPR, not all violations are bad for the environment, and some could in theory be allowed. Allowing certain violations to go unsanctioned should be compared with the motives for passing the legislation in order to determine whether this possibility is valid in practice.

