The implementation of the General Data Protection Regulation (GDPR) in the EU and Greece: procedures, risks, challenges and impacts in the context of good governance

Abstract

This dissertation was written as part of the MA program in International Public Administration at the University of Macedonia. It examines the new framework of the General Data Protection Regulation (GDPR), in the era of modern public administration. The obligations of public sector organizations, when processing personal data, are mapped step by step and the practical implications are thoroughly analyzed. Processing is every operation performed on personal data. “Personal data” is every information related to a natural person. We live in the “age of information” and “Big Data”, thus the European legislation on the protection of personal data affects every public or private activity, including the exercise of public administration. It is no exaggeration to characterize personal data as the “new oil” or “new gold”. The way modern economies and states need oil, they also need “Big Data”. Privacy and big data are in many cases contradictory. Big data require massive amount of information to be collected with not a predefined and clear purpose at the time of collection. Users do not have any control on their personal information stored and analyzed by the involved data controllers and the parties that participate in data dissemination may be numerous. Such enormity of the scope makes it impossible for the legislator to foresee every possible issue. Therefore, the GDPR and the relevant national legislations may contain numerous and detailed provisions, but the core of it are firstly the abstract principles, which have evolved the past 50 years and they reflect the rationale of the legislation and secondly the national authorities which enforce its implementation. In order to comprehend the principles of the GDPR, one has to perform a historical and cultural overview of their “source”. Hence, this paper will try to present a brief history of personal data protection under the GDPR in the public sector, how it is conceived mainly within the Greek public administration and EU, the weaknesses and corrective adjustments that have to be performed, for the improvement of Good Governance, drawing conclusions from a relevant questionnaire on GDPR, that has been carried out among employees in the Greek Public Administration, and, finally, its impact.