The General Data Protection Regulation

Alexander Høy & Emil Skov

Student thesis: Master thesis


This master thesis is a legal analysis on whether Danish scout associations, that are subjects to the The Danish General Adult Education Act (folkeoplysningsloven), are bound to appoint a Data Protection Officer (DPO) according to the General Data Protection Regulation (GDPR) of the European Union. It is discovered in chapter 2 how the scout associations will not have to appoint a DPO, since none of the provisions are meet. There are several provisions, which are all regulated in the GDPR article. 37, sec. 1, schedule b-c) and article 37, sec. 4. The economic focus is whether the GDPR is economically reasonable, and how the positive effects ultimately will end up surpassing the negative effects. Chapter 3 finds out the DPO is an influential game changer when the positive economic aspects of implementing the GDPR will have to exceed the negative. It is therefore concluded, that the GDPR will end up with more positive effects when the regulation is complied with possible. Game-theory including Principal/agent-theory and Theory of the Firm clarifies this. The final part of the thesis investigates if it is possible to make the regulation more efficient by changing an article in the regulation. The legal proposal in the end is based on the knowledge from chapter 2 and 3. It is discovered, that the scout associations can have unlimited amount of personal data, but because of none of the provisions to appoint a DPO are meet, a DPO never has to be appointed according to the regulation. Therefore is the proposal, that an organization with no personal data as a core activity, can be forced to appoint a DPO, if they have personal data in a sufficient large scale, and they meet two of the other provisions regular and systematic monitoring or data processing as a core activity

EducationsMSc in Commercial Law, (Graduate Programme) Final Thesis
Publication date2018
Number of pages129