The critical success factors of GDPR implementation: a systematic literature review

Teixeira, Gonçalo Almeida; Silva, Miguel Mira da; Pereira, Rúben

doi:10.1108/dprg-01-2019-0007

Cited by 40 publications

(45 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As implied by the nature of the Regulation taken, and even on the basis of some investigations and opinions already published (Khan, 2018;Hoofnagle et al, 2019;Almeida Teixeira et al, 2019), the implementation of GDPR is not supposed to be a short-term one-off activity, but a complex activity that fully becomes the part of any organization that in any way processes personal data -either about customers or about their own employees (Perry, 2019). Garber (2018) also states: "If a business does not have a sufficient overview of its data, this process will disrupt the IT department, compliance team and the business itself.…”

Section: Literature Review and Propositionsmentioning

confidence: 99%

“…By mapping its own data, the organization gets an idea of the overall information flow. Its optimization can lead to lower operational costs (Beckett, 2017;Perry, 2019), more credible data analysis (Garber, 2018;Almeida Teixeira et al, 2019) and, last but not least, increased customer confidence and corporate competitiveness (Beckett, 2017;Almeida Teixeira et al, 2019;Datoo, 2018).…”

Section: Literature Review and Propositionsmentioning

confidence: 99%

“…As mentioned above, the Personal Data Protection Regulation does not precisely define the technological means and procedures that should lead to its successful incorporation (Tankard, 2016;Tamburri, 2020). Based on a broad systematic literature review (Almeida Teixeira et al, 2019) published in the period after the commencement of GDPR, individual articles propose a three-or four-step implementation procedure. Regardless of the number of steps, the individual subframes coincide in the procedure.…”

Section: Implementation Frameworkmentioning

confidence: 99%

“…The first and fundamental step is a comprehensive understanding of the organization in terms of structure and continuity of individual data (Almeida Teixeira et al, 2019). Every processing takes place within a certain system framework and therefore it is necessary to take into account the entire data management of the company, all the systems used, the way they are used and the analysis of responsibility for data collection and analysis.…”

Section: Implementation Frameworkmentioning

confidence: 99%

“…Although, an universally valid framework (regardless of the number of implementation steps taken) has been identified for any organization to achieve compliance (Almeida Teixeira et al, 2019;Garber, 2018;Tamburri, 2020), each GDPR project takes place in the context of given organization. Therefore, the scope, time frame and cost intensity of the implementation projects are always given by the contextual factors -specifically by characteristics of the selected organization as well as the specifics and circumstances of the implementation itself.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Factors Determining the Extent of GDPR Implementation Within Organizations: Empirical Evidence From Czech Republic

Faifr

Januska

2021

Journal of Business Economics and Management

View full text Add to dashboard Cite

In this paper, the key factors that affect the extent of GDPR implementation in enterprises are analysed. Since 2018, all organizations operating in the European Union or processing personal data of EU citizens have had to incorporate a new regulation in their work. After three years of experience, possible key factors that significantly affect the cost of the entire project have been theoretically identified. However, a research gap remains whether the factors thus defined actually have a real impact on the implementation within organizations. Therefore, this study focuses on an empirical investigation of those characteristics using quantitative approach combining Chi-squared tests and the Classification and Regression Tree method. Based on a survey of organizations in the Czech Republic, this paper outlines that the size of the organization, the typology of personal data processed and the way GDPR is implemented determine the scope of the implementation project within organizations. On the other hand, there is no clear evidence that there is significant role in whether it is a public or private organization.

show abstract

Section: Literature Review and Propositionsmentioning

confidence: 99%

Section: Literature Review and Propositionsmentioning

confidence: 99%

Section: Implementation Frameworkmentioning

confidence: 99%

Section: Implementation Frameworkmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Factors Determining the Extent of GDPR Implementation Within Organizations: Empirical Evidence From Czech Republic

Faifr

Januska

2021

Journal of Business Economics and Management

View full text Add to dashboard Cite

show abstract

A roadmap to achieving a healthier information ecosystem through GDPR implementation and privacy compliance technologies

Li,

Xiong,

Yang

2024

Asso for Info Science & Tech

View full text Add to dashboard Cite

Privacy protection has become a central issue in information science, with the General Data Protection Regulation (GDPR) significantly impacting information ecosystems. Research gaps persist in understanding the causal relationship between GDPR implementation and websites' proactive changes, such as adopting privacy compliance technologies. This study aims to examine the influence of GDPR implementation on websites' information ecosystems and identify boundary conditions that may affect this relationship. Utilizing domain‐level data from a professional platform tracking website technologies before and after GDPR implementation, which encompasses a comprehensive longitudinal dataset of over 1.2 million websites, our results indicate that GDPR implementation has increased the decision, breadth, depth, and intensity of adopting related technologies. The variance in these adoptions is significantly shaped by the differing levels of institutional impacts experienced by trailblazing versus laggard industries. Our study contributes to the literature by revealing the importance of policy factors in fostering a healthier information ecosystem. We demonstrate the complex nature of the relationship between policy factors and technology adoption, highlighting the need for researchers to consider institutional context and industry‐specific characteristics. We further discuss valuable insights for relevant stakeholders.

show abstract

GDPR-Compliant Data Processing: Practical Considerations

Almeida

Cunha

Pereira

2022

Information Systems

View full text Add to dashboard Cite

The critical success factors of GDPR implementation: a systematic literature review

Cited by 40 publications

References 27 publications

Factors Determining the Extent of GDPR Implementation Within Organizations: Empirical Evidence From Czech Republic

Factors Determining the Extent of GDPR Implementation Within Organizations: Empirical Evidence From Czech Republic

A roadmap to achieving a healthier information ecosystem through GDPR implementation and privacy compliance technologies

GDPR-Compliant Data Processing: Practical Considerations

Contact Info

Product

Resources

About