GDPR compliance in international business: challenges and solutions

Abstract

This thesis investigates the legal burdens international companies face when they want to comply with the GDPR. It focuses on cross-border data transfers, automated decision-making and profiling, fragmented enforcement, and the GDPR’s extraterritorial scope. By conducting thorough analysis of the GDPR provisions, EDPB guidelines and the examination of the CJEU case-law, and legal literature, study shows how invalidation of EU-US Privacy Shield, Article’s 22 interpretation ambiguities, One-Stop Shop mechanism’s bottlenecks impact international personal data transfers, and how they create compliance challenges. The results show that, despite the compliance challenges, using such compliance tools as DPIAs, SCCs and BCRs allow international companies to achieve personal data protection that is in accordance with the GDPR requirements and turn personal data governance into competitive advantage. It recommends deeper DPAs cooperation and wider adoption of privacy-protecting technologies.