Claudia Pau *, Mihaela Martin, Alina Stancovici
Babeș-Bolyai University, UBB Center from Reșița, Faculty of Political, Administrative and Communication Sciences
Traian Vuia Square, no. 1-4, Reșița, Caraș-Severin, România
* Corresponding author. E-mail: claudia.pau@ubbcluj.ro
Robotica & Management, Vol. 30, No. 2, pp. 75-80
DOI: https://doi.org/10.24193/rm.2025.2.14
Abstract. The General Data Protection Regulation (GDPR) represents the central pillar of European data governance, instituting the transition from a formal–procedural compliance approach to a model based on accountability, transparency and continuous risk assessment. Its evolution reflects a progressive normative consolidation at the level of the European Union, yet the published literature highlights the persistence of notable differences in effective implementation, generated by uneven organizational capacity and divergent maturity levels of managerial practices. The relevance of the GDPR becomes particularly evident in the domain of data protection incidents, where the convergence between the legal dimension and the managerial one is most visible. In this sense, the value of the GDPR is not conferred solely by its normative texture, but by the internalization of data protection as an anticipatory strategic function, embedded within organizational processes of detection, reporting and remediation. Thus, incident management represents the operational indicator of GDPR maturity in practice.
Keywords: digital governance, incident management, information risk, transparency, organizational resilience.
