Abstract
The EU general data protection regulation (GDPR) is the most important change in data privacy regulation in 20 years. The regulation will fundamentally reshape the way in which data are handled across every sector. The organizations had two years to implement it. Despite this, it has been observed that, in several sectors of activity, the number of organizations having adopted that control is low. This study aimed to identify the factors which condition the adoption of the GDPR by organizations. Methodologically, the study involved interviewing the officials in charge of information systems in 18 health clinics in Portugal. The factors facilitating and inhibiting the implementation of GDPR are presented and discussed. Based on these factors, a set of recommendations are made to enhance the adoption of the measures proposed by the regulation. The study used Institutional Theory as a theoretical framework. The results are discussed in light of the data collected in the survey, and possible future works are identified.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Mäkinen, J.: Data quality, sensitive data and joint controller ship as examples of grey areas in the existing data protection framework for the Internet of Things. Inf. Commun. Technol. Law 24(3), 262–277 (2015)
Nurse, J.R.C., Creese, S., De Roure, D.: Security risk assessment in Internet of Things systems. IEEE IT Prof. 19(5), 20–26 (2017)
European Parliament and Council, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, Official Journal of the European Union (2016)
XXXX
Skendzic, A., Kovacic, B., Tijan, E.: General data protection regulation—protection of personal data in an organization. In: 41st International Convention on Information and Communication Technology, Electronics and Microelectronics, pp 1370–1375 (2018)
Da Conceição Freitas, M., Mira da Silva, M.: GDPR in SMEs, vol. 2018, pp. 1–6. In: 13th Iberian Conference on Information Systems and Technologies (2018)
West, I.: The big scan thing!—How the EU General Data Protection Regulation (GDPR) will affect your business! https://www.slideshare.net/CraigShipley1/digital-enterprise-festival-birmingham-130417-ian-west-cognizant-vp-data-management-the-implications-of-the-eu-global-data-protection-regulation-on-every-business-and-their-digital-service-providers. Last accessed 1 Dec 2018
Brown, S.L., Eisenhardt, K.M.: Competing on the edge: strategy as structured chaos. Harvard Business School Press, Boston (1998)
Scott, W.: Institutional Theory. Encyclopedia of Social Theory, pp. 408–414. Thousand Oaks, Sage (2004)
DiMaggio, P. Powell, W.: Introduction. In: Powell, W.W., DiMaggio, P.J. (eds.) The New Institutionalism in Organizational Analysis, pp. 1–38. University of Chicago Press, Chicago (1991)
North, D.: Institutions, Institutional Change and Performance. Cambridge University Press, Cambridge (1990)
Scott, W.R.: Institutions and Organizations: Ideas and Interests, 3rd edn. Sage, Thousand Oaks (2008)
Tolbert, P.S., Zucker, L.G.: The institutionalization of institutional theory. In: Handbook of Organization Studies. Sage, London (1996)
Tolbert, P.S., Zucker, L.G.: A institucionalização da teoria institucional. In: Clegg, S., Hardy, C., Nordy, W (eds.) Handbook de estudos organizacionais (pp. 196–219). Tradução de Humberto F. Martins e Regina Luna S. Cardoso, v.1. Atlas, São Paulo (1999)
Acknowledgements
UNIAG, R&D unit funded by the FCT—Portuguese Foundation for the Development of Science and Technology, Ministry of Science, Technology and Higher Education. Project n.º UID/GES/4752/2019.
This work has been supported by FCT—Fundação para a Ciência e Tecnologia within the Project Scope: UID/CEC/00319/2019.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Lopes, I.M., Guarda, T., Oliveira, P. (2020). The Four Dimensions of the GDPR Framework: An Institutional Theory Perspective. In: Rocha, Á., Pereira, R. (eds) Developments and Advances in Defense and Security. Smart Innovation, Systems and Technologies, vol 152. Springer, Singapore. https://doi.org/10.1007/978-981-13-9155-2_39
Download citation
DOI: https://doi.org/10.1007/978-981-13-9155-2_39
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-9154-5
Online ISBN: 978-981-13-9155-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)