Enhancing Information Governance with Enterprise Architecture Management: Design Principles Derived from Benefits and Barriers in the GDPR Implementation

Burmeister, Fabian; Huth, Dominik; Drews, Paul; Schirmer, Ingrid; Matthes, Florian

doi:10.24251/hicss.2020.688

Cited by 8 publications

(9 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Svizzance and Versuisse, for example, were in the process of re-aligning existing data and system landscape documentation with their existing databases and systems by specifying additional details and updating them when necessary. For this purpose, both organizations turned to enterprise architecture tools to define and document the protected data scope—an approach that has also been proposed by academic research (Burmeister et al, 2019, 2020; Huth, Burmeister, et al, 2020). In the case of Leares, the company did not have any similar existing documentation, and it became clear that this capability should be the focus of initial efforts, as other capabilities could not be realized without understanding the protected data scope.…”

Section: Data Management Capabilities For the Eu-gdprmentioning

confidence: 99%

“…Although legal aspects of information privacy had not been among the “topic areas closer to the interests of most IS researchers” (Bélanger and Crossler, 2011), the EU-GDPR has recently attracted more academic interest. Like the idea of regulatory technologies for financial regulations, so-called "RegTech" (Butler and O’Brien, 2019), IS researchers have mostly focused on technical solutions that ease EU-GDPR compliance, such as blockchain (Farshid et al, 2019; Guggenmos et al, 2020; Mejtoft et al, 2019; Rieger et al, 2019) or enterprise architecture (Burmeister et al, 2019, 2020; Huth, Burmeister, et al, 2020). In doing so, the existing body of IS research on EU-GDPR remains fragmented and proposes solutions for isolated aspects of the regulation.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

Labadie

Legner

2023

Journal of Information Technology

View full text Add to dashboard Cite

The European Union’s General Data Protection Regulation (EU-GDPR) has initiated a paradigm shift in data protection toward greater choice and sovereignty for individuals and more accountability for organizations. Its strict rules have inspired data protection regulations in other parts of the world. However, many organizations are facing difficulty complying with the EU-GDPR: these new types of data protection regulations cannot be addressed by an adaptation of contractual frameworks, but require a fundamental reconceptualization of how companies store and process personal data on an enterprise-wide level. In this paper, we introduce the resource-based view as a theoretical lens to explain the lengthy trajectories towards compliance and argue that these regulations require companies to build dedicated, enterprise-wide data management capabilities. Following a design science research approach, we propose a theoretically and empirically grounded capability model for the EU-GDPR that integrates the interpretation of legal texts, findings from EU-GDPR-related publications, and practical insights from focus groups with experts from 22 companies and four EU-GDPR projects. Our study advances interdisciplinary research at the intersection between IS and law: First, the proposed capability model adds to the regulatory compliance management literature by connecting abstract compliance requirements to three groups of capabilities and the resources required for their implementation, and second, it provides an enterprise-wide perspective that integrates and extends the fragmented body of research on EU-GDPR. Practitioners may use the capability model to assess their current status and set up systematic approaches toward compliance with an increasing number of data protection regulations.

show abstract

Section: Data Management Capabilities For the Eu-gdprmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

Labadie

Legner

2023

Journal of Information Technology

View full text Add to dashboard Cite

show abstract

“…This obligation poses major challenges for companies and organisations that work with personal data as its accuracy and comprehensiveness are closely associated with the level of embracement of the data protection principles. Building on the same idea (Blanco-Lainé et al 2020;Burmeister et al 2019Burmeister et al , 2020 argue that EAM can play a key role in the GDPR implementation by addressing the privacy and security related concerns of various classes of stakeholders and by doing so to gain a better understanding of how an effective information governance could be implemented in the organisation. Referring to the size of the organisation, (Rozehnal and Novak 2018) argue that EAM can bring equal benefits to SMEs, where resources for the support of GDPR compliance processes are inheritably limited.…”

Section: Mrq4: What Does Big Data Research Show Regarding the Rising Needs For Dpd Or Gdpr?mentioning

confidence: 99%

Enterprise architecture management as a solution for addressing general data protection regulation requirements in a big data context: a systematic mapping study

Georgiadis

Poels

2021

Inf Syst E-Bus Manage

View full text Add to dashboard Cite

Context Big Data Analytics is a rapidly emerging IT practice whose applications offer benefits for a wide variety of business areas across an organisation. Given the wide scope of applications, the many types of processing involved, including those for purposes not yet foreseen, and the inherent privacy concerns resulting from collecting and storing personal data, the newly introduced General Data Protection Regulation (GDPR) poses specific challenges for safeguarding the security and protection of big data. These challenges are not limited to the IT function but extend across the entire organisation. This raises the question whether Enterprise Architecture Management (EAM), as an approach for ensuring the coherence, strategic alignment and focus on value creation of all organisational resources, offers guidance for addressing those challenges in a holistic manner, and thus provides a fruitful ground for developing an approach for complying to GDPR requirements in a Big Data context. Objective This study surveys the state-of-the-art in research on security, privacy, and protection of big data. The focus is on investigating which specific issues and challenges have been identified and whether these have been linked to GDPR requirements. Further, it examines whether previous research has investigated the potential of EAM in addressing those challenges and what the main findings of those studies are. Method We used Systematic Mapping Review (SMR), which is a methodology for literature review aimed at surveying the state-of-the-art in a research field as it is documented in the scientific literature. Further, we used Template Analysis, which is a thematic analysis technique, for coding the texts of the selected papers, classifying the research studies, and interpreting the different themes addressed in the literature.

show abstract

“…Regarding the second reason, scholars proved that: respecting the privacy of consumers means enhancing their trust so that they will feel safer and more open to interacting with marketers and sellers (Tang et al , 2008; Zhang et al , 2020) and this could empower also the public reputation of marketers (especially toward consumer associations, privacy non-governmental organizations, etc. ); and complying with data protection principles (accuracy, storage limitation, integrity, security and accountability) can bring even more efficiency to the data management model of the company (Burmeister et al , 2020; Poritskiy et al , 2019; Zerlang, 2017). …”

Section: Introduction: Mental Privacy and The New Challenge Of Commer...mentioning

confidence: 99%

“…complying with data protection principles (accuracy, storage limitation, integrity, security and accountability) can bring even more efficiency to the data management model of the company (Burmeister et al , 2020; Poritskiy et al , 2019; Zerlang, 2017).…”

Section: Introduction: Mental Privacy and The New Challenge Of Commer...mentioning

confidence: 99%

In/acceptable marketing and consumers' privacy expectations: four tests from EU data protection law

Malgieri

2021

JCM

View full text Add to dashboard Cite

Purpose This study aims to discover the legal borderline between licit online marketing and illicit privacy-intrusive and manipulative marketing, considering in particular consumers’ expectations of privacy. Design/methodology/approach A doctrinal legal research methodology is applied throughout with reference to the relevant legislative frameworks. In particular, this study analyzes the European Union (EU) data protection law [General Data Protection Regulation (GDPR)] framework (as it is one of the most advanced privacy laws in the world, with strong extra-territorial impact in other countries and consequent risks of high fines), as compared to privacy scholarship on the field and extract a compliance framework for marketers. Findings The GDPR is a solid compliance framework that can help to distinguish licit marketing from illicit one. It brings clarity through four legal tests: fairness test, lawfulness test, significant effect test and the high-risk test. The performance of these tests can be beneficial to consumers and marketers in particular considering that meeting consumers’ expectation of privacy can enhance their trust. A solution for marketers to respect and leverage consumers’ privacy expectations is twofold: enhancing critical transparency and avoiding the exploitation of individual vulnerabilities. Research limitations/implications This study is limited to the European legal framework scenario and to theoretical analysis. Further research is necessary to investigate other legal frameworks and to prove this model in practice, measuring not only the consumers’ expectation of privacy in different contexts but also the practical managerial implications of the four GDPR tests for marketers. Originality/value This study originally contextualizes the most recent privacy scholarship on online manipulation within the EU legal framework, proposing an easy and accessible four-step test and twofold solution for marketers. Such a test might be beneficial both for marketers and for consumers’ expectations of privacy.

show abstract

Enhancing Information Governance with Enterprise Architecture Management: Design Principles Derived from Benefits and Barriers in the GDPR Implementation

Cited by 8 publications

References 20 publications

Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

Enterprise architecture management as a solution for addressing general data protection regulation requirements in a big data context: a systematic mapping study

In/acceptable marketing and consumers' privacy expectations: four tests from EU data protection law

Contact Info

Product

Resources

About