Abstract

The General Data Protection Regulation (GDPR) is essential for ensuring that personal data is collected and processed with care, to protect the fundamental rights of individuals’ personal data. However, it’s practical implementation presents several challenges.
One issue is the complexity of consent forms, which are often lengthy and filled with legal jargon. This creates a gap between the detailed information provided and the respondent’s understanding of what they are agreeing to. The frequent need to check boxes, whether for research participation or website access, can lead to users giving consent without fully grasping the implications. As a result, many may simply agree without realizing the potential consequences, weakening the protective purpose of the regulation.
In large organizations, another challenge is the inadvertent collection of personal data. Staff members may not always recognize when the information they gather qualifies as personal data. For example, a survey that asks questions like year of birth, occupation, and department can inadvertently reveal respondents’ identities. Sometimes surveys are also falsely labeled as anonymous, giving respondents a false sense of security.
New technology also introduces challenges. One example is open-ended questions that is becoming increasingly popular thanks to AI-driven tools for automated coding and categorization of the answers. Unlike standardized questions, open-ended responses allow respondents to reveal more detail than researchers may anticipate or control, showing the need for reliable ways to protects such data.
To ensure GDPR compliance, organizations must invest time and effort to prevent the unintentional collection of personal data, uphold respondents' rights by clearly explaining what they are consenting to, and safeguard their data in line with the intentions of the GDPR.