Murad Erserbetci has worked for various corporations in various positions, most recently as Managing Director and COO for a Spanish company. His particular area of expertise includes operational management and the technical responsibility of a company. Murad Erserbetci has many years of experience in the real estate industry as well as in the public sector. He has also worked as a consultant and honorary lecturer.
On 30 September 2020, he completed his Executive Doctorate in Business Administration. The subject of his dissertation was the implementation of the general data protection regulation in a company with corresponding recommendations for action to the departments, management, IT, and human resources. His supervising professor was Prof. Dr. Thomas Gergen, Higher Institute of Economics, ISEC University of Luxemburg
Thesis Direction
Pr Gergen Thomas
Thesis Title
Introduction of the EU data protection basic regulation: effects and recommendations for action for the divisions, management, personnel and information technology.
Abstract
The following paper describes in three parts the introduction of the General Data Protection Regulation (GDPR). A variant for implementing the requirements of the General Data Protection Regulation introduced on 25 May 2018 is also presented. In the first part, the relevant articles of the GDPR are presented and described in detail. Part 1 also deals with terminology and special features. In particular, the objectives of data protection and the handling of personal data are considered. In addition, the areas of liability, legal remedies, and sanctions are examined. Since data protection violations can result in substantial fines, this section must also be explained in detail and in an understandable way, which is done on a theoretical basis, in Part 1 of this thesis. Part 2 deals with a practical implementation of the General Data Protection Regulation. This is basically about the actual implementation of the General Data Protection Regulation in a company. All relevant departments as well as the corresponding particularities regarding a practical implementation are illuminated. In detail, both technical and administrative areas are considered and explained. An implementation in “running” operations cannot be carried out without problems. For this reason, considerations regarding the structural conditions are also illuminated. Elements from the area of change management play a role here, as do those of data protection in the employment relationship. The development and analysis of a comprehensive data protection management system are just as important as the special international features of Group data protection. The topic of data privacy and compliance risks is also dealt with in Part 2 regarding possible risks. Part 3 contains recommendations for action to be taken by the Management Board, IT / Technology, and Human Resources. Current infringements are listed, and their background is considered. The reasons that led to the fines are explained based on the notices of fines issued. The highly topical subject of the Covid-19 pandemic and the associated explosiveness regarding a possible weakening of data protection is also described of the third Part.