A4 Vertaisarvioitu artikkeli konferenssijulkaisussa
Privacy governance and the GDPR: How are organizations taking action to comply with the new privacy regulations in Europe?
Tekijät: Xander Seerden, Hannu Salmela, Anne-Françoise Rutkowski
Toimittaja: Benny M.E. de Waal, Pascal Ravesteijn
Konferenssin vakiintunut nimi: European Conference on Management Leadership and Governance
Kustantaja: Academic Conferences and Publishing International Limited
Julkaisuvuosi: 2018
Kokoomateoksen nimi: Proceedings of the 14th European Conference on Management, Leadership and Governance
Tietokannassa oleva lehden nimi: Proceedings of the 14th European Conference on Management, Leadership and Governance, ECMLG 2018
Aloitussivu: 371
Lopetussivu: 378
ISBN: 978-1-912764-01-3
eISBN: 978-1-912764-02-0
ISSN: 2048-9021
Information Privacy is increasingly important for IT Governance. Prior research has identified several actions with which organizations can govern information privacy. Internet, mobility, big data and analytics is, however, creating more data and also new threats. This has led the European Union to improve data protection legislation by introducing the General Data Protection Regulation (GDPR). In this study, a multiple case study was performed to find actions that organisations take to comply with the GDPR. This study has identified 33 actions that organisations take to prepare for the GDPR. 21 of these actions were not discussed in previous literature analysed. Some of these “new” actions have to do with the change management project the GDPR requires. More interestingly, GDPR specific actions are found that show how Europe's legal climate changes organizational privacy governance through DPOs, DPIAs and other measures. For researchers, this paper extends findings on how organisations are responding to privacy issues and regulations. Practitioners can use the results to compare their own actions with those identified in this study. This was, however, only one study conducted in nine organizations. Further research is needed to understand how the GDPR and privacy governance will continue to evolve and mature. © The Authors, 2018. All Rights Reserved.