GDPR Compliance in SMEs: There is much to be done

Freitas, Maria da Conceição; Silva, Miguel Mira da

doi:10.20897/jisem/3941

Cited by 30 publications

(33 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The General Data Protection Regulation (EU 2016/679), known as GDPR, is an European Union Regulation enforced from 25th May 2018 which introduces major changes regarding personal data and privacy, replacing and repealing the EU's 1995 Data Protection Directive (DPD, also known as Directive 95/46/EC) (European Commission, 2016). It is the most important alteration in the last 20 years regarding data privacy, with far greater magnitude than any similar regulation (Freitas and Mira da Silva, 2018;Allen et al, 2018), and contains obligations regarding the storing, processing, collecting and disclosing of data (Gabriela et al, 2018). With this Regulation, EU aims to give more control to citizens over their personal data, strengthening their rights, to reform how organizations view and control these data, and to remove obstacles to cross-border trades, enabling easier expansion of businesses across Europe, as well as ensuring the free movement of personal data between EU Member States (Boban, 2018;Sirur et al, 2018).…”

Section: General Data Protection Regulation (Gdpr)mentioning

confidence: 99%

“…Regulations, however, have already binding legal force (Seo et al, 2018). Therefore, GDPR is applicable in every Member State without the need for a national legislation implementation, unifying the European Union rules and laws (Freitas and Mira da Silva, 2018). The Regulation has a lot of novelties, starting by the re-definition of personal data, which has been further expanded (Seo et al, 2018).…”

Section: General Data Protection Regulation (Gdpr)mentioning

confidence: 99%

“…Furthermore, organizations must also be able to demonstrate compliance to Supervisory Authorities (European Commission, 2016). Besides technological challenges, GDPR also brings a lot of juridical and functional changes, along with the necessity to educate staff and change their mindset and culture to this new paradigm (Freitas and Mira da Silva, 2018). Since GDPR imposes a lot of changes and challenges, organizations will need to review their processes, routines and procedures, in order to ensure that they collect, hold and process personal data in accordance with the Regulation (Tikkinen-Piri et al, 2018).…”

Section: Gdpr Implementationmentioning

confidence: 99%

“…The implementation of GDPR imposes a set of legal, technological and functional changes, having a major impact in organizations, regardless of their sector or industry (Freitas and Mira da Silva, 2018). Every organization will need to reconsider the way they collect, store and process personal data, adopt new measures and policies, and re-design internal processes to demonstrate their compliance (Boban, 2018).…”

Section: Motivationmentioning

confidence: 99%

“…Although many organizations understand the importance of complying with the new Regulation, the uncertainty around GDPR has led to some divided approaches (Sirur et al, 2018) because GDPR is not prescriptive regarding solutions to achieve compliance, not providing specific guidelines to implement its requirements (Tikkinen-Piri et al, 2018). Therefore, every organization must find and implement organizational and technological solutions to put the provisions in practice (Tikkinen-Piri et al, 2018;Freitas and Mira da Silva, 2018). For that, and to achieve compliance, it is very important to design an implementation strategy and roadmap.…”

Section: Gdpr Implementationmentioning

confidence: 99%

See 4 more Smart Citations

The critical success factors of GDPR implementation: a systematic literature review

Teixeira

Silva

Pereira

2019

DPRG

Self Cite

View full text Add to dashboard Cite

Purpose The digital paradigm people live in today, which drastically increased the consumption of data, is a threat to their privacy. To create a high level of privacy protection for its citizens, the European Union proposed the General Data Protection Regulation (GDPR), which introduces obligations for organizations regarding the storing, processing, collecting and disclosing of data. This paper aims to identify the critical success factors of GDPR implementation. Design/methodology/approach A systematic literature review was conducted by following a strict review protocol, where 32 documents were found relevant to perform the review and to answer to the proposed research questions. Findings The critical success factors of GDPR implementation were identified, including barriers and enablers. Furthermore, benefits of complying with GDPR were identified. Research limitations/implications As GDPR is a relatively recent subject, there are still few scientific papers about it. Therefore, the authors were unable to neither identify nor present a robust conclusion regarding specific topics, such as practical outcomes. Originality/value On the basis of the literature, the identified critical success factors may be useful for organizations as these can be better prepared to achieve compliance by prioritizing the enablers and avoiding the barriers.

show abstract

Section: General Data Protection Regulation (Gdpr)mentioning

confidence: 99%

Section: General Data Protection Regulation (Gdpr)mentioning

confidence: 99%

Section: Gdpr Implementationmentioning

confidence: 99%

Section: Motivationmentioning

confidence: 99%

Section: Gdpr Implementationmentioning

confidence: 99%

See 3 more Smart Citations

The critical success factors of GDPR implementation: a systematic literature review

Teixeira

Silva

Pereira

2019

DPRG

Self Cite

View full text Add to dashboard Cite

show abstract

GDPR Compliance Tools: Best Practice from RegTech

Ryan

Crane

Brennan

2021

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Organisations can be complex entities, performing heterogeneous processing on large volumes of diverse personal data, potentially using outsourced partners or subsidiaries in distributed geographical locations and jurisdictions. Many organisations appoint a Data Protection Officer (DPO) to assist them with their demonstration of compliance with the GDPR Principle of Accountability. The challenge for the DPO is to monitor these complex processing activities and to advise and inform the organisation with regard to the organisations demonstration of compliance with the Principle of Accountability. A review of GDPR compliance software solutions shows that organisations are being greatly challenged in meeting compliance obligations as set out under the GDPR, despite the myriad of software tools available to them. Many organisations continue to take a manual and informal approach to GDPR compliance. Our analysis shows significant gaps on the part of GDPR tools in their ability to demonstrate compliance in that they lack interoperability features, and they are not supported by published methodologies or evidence to support their validity or even utility. In contrast, RegTech has brought great success to financial compliance, using technological solutions to facilitate compliance with, and the monitoring of regulatory requirements. A review of the State of the Art identified the four success features of a RegTech system to be, strong data governance, automation through technology, interoperability of systems and a proactive regulatory framework. This paper outlines a set of requirements for GDPR compliance tools based on the RegTech experience and evaluate how these success features could be applied to improve GDPR compliance. A proof of concept prototype GDPR compliance tool was explored using the four success factors of RegTech, in which RegTech best practice was applied to regulator based self-assessment checklist to establish if the demonstration of GDPR compliance could be improved. The application of a RegTech success factors provides opportunities for demonstrable and validated GDPR compliance, notwithstanding the risk reductions and cost savings that RegTech can deliver and can facilitate organisations in meeting their GDPR compliance obligations.

show abstract

Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems

Wiefling¹,

Tolsdorf²,

Iacono³

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Digital ecosystems are driving the digital transformation of business models. Meanwhile, the associated processing of personal data within these complex systems poses challenges to the protection of individual privacy. In this paper, we explore these challenges from the perspective of digital ecosystems' platform providers. To this end, we present the results of an interview study with seven data protection officers representing a total of 12 digital ecosystems in Germany. We identified current and future challenges for the implementation of data protection requirements, covering issues on legal obligations and data subject rights. Our results support stakeholders involved in the implementation of privacy protection measures in digital ecosystems, and form the foundation for future privacy-related studies tailored to the specifics of digital ecosystems.

show abstract

GDPR Compliance in SMEs: There is much to be done

Cited by 30 publications

References 8 publications

The critical success factors of GDPR implementation: a systematic literature review

The critical success factors of GDPR implementation: a systematic literature review

GDPR Compliance Tools: Best Practice from RegTech

Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems

Contact Info

Product

Resources

About