Abstract
The General Data Protection Regulation entered into force on 25 May 2018, but was approved on 27 April 2016. The General Data Protection Regulation (GDPR) aims to ensure the coherence of natural persons’ protection within the European Union (EU), comprising very important innovative rules that will be applied across the EU and will directly affect every Member State. The organizations/Institutions had two years to implement it. Despite this, it has been observed that, in several sectors of activity, the number of organizations having adopted that control is low. This study aimed to identify the factors which condition the implementation the GDPR by organizations. Methodologically, the study involved interviewing the officials in charge of information systems in 18 health clinics in Portugal. The factors facilitating and inhibiting the implementation of GDPR are presented and discussed. Based on these factors, a set of recommendations to enhance the implementation of the measures proposed by the regulation is made. The study used Institutional Theory as a theoretical framework. The results are discussed in light of the data collected in the survey and possible future works are identified.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Tankard, C.: What the GDPR means for businesses. Netw. Secur. 2016(6), 5–8 (2016)
Mantelero, A.: The EU proposal for a general data protection regulation and the roots of the ‘right to be forgotten’. Comput. Law Secur. Rev. 29(3), 229–235 (2013)
Tikkinen-Piri, C., Rohunen, A., Markkula, J.: EU General data protection regulation: changes and implications for personal data collecting companies. Comput. Law Secur. Rev. 34, 134–153 (2018)
European Parliament and Council, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, Official Journal of the European Union (2016)
Allen & Overy: Preparing for the General Data Protection Regulation (2018)
Lopes, I.M., Oliveira, P.: Implementation of the general data protection regulation: a survey in health clinics. In: 13th Iberian Conference on Information Systems and Technologies, June 2018, pp. 1–6 (2018)
Brown, S.L., Eisenhardt, K.M.: Competing on the Edge: Strategy as Structured Chaos. Harvard Business School Press, Boston (1998)
Scott, W.: Institutional Theory, pp. 408–414. Encyclopedia of Social Theory, Sage, Thousand Oaks (2004)
DiMaggio, P., Powell, W.: Introduction. In: Powell, W.W., DiMaggio, P.J. (eds.) The New Institutionalism in Organizational Analysis, pp. 1–38. University of Chicago Press, Chicago (1991)
North, D.: Institutions Institutional Change and Performance. Cambridge University Press, Cambridge (1990)
Scott, W.R.: Institutions and Organizations: Ideas and Interests, 3rd edn. Sage, Thousand Oaks (2008)
Tolbert, P.S., Zucker, L.G.: The institutionalization of institutional theory. In: Handbook of Organization Studies. Sage, London (1996)
Carvalho, J.A.: Strategies to deal with complexity in information systems development. In: Proceedings of the ISAS-CSI 2002 – 6th World Multiconference on Systems, Cybernetics and Informatics, Orlando, pp. 42–47 (2002)
Orlikowski, W.J.: The duality of technology: rethinking the concept of technology in organizations. Organ. Sci. 3(3), 398–426 (1992)
King, J., et al.: Institutional factors in information technology innovation. Inf. Syst. Res. 5(2), 139–169 (1994)
Premkumar, G., et al.: Determinants of EDI adoption in the transportation industry. Eur. J. Inf. Syst. 6(2), 107–121 (1997)
Chatterjee, D., et al.: Shaping up for E-commerce: institutional enablers of the organizational assimilation of web technologies. MIS Q. 26(2), 65–89 (2002)
Teo, H., et al.: Predicting intention to adopt interorganizational linkages: an institutional perspective. MIS Q. 27(1), 19–49 (2003)
Baptista, J.: Institutionalisation as a process of interplay between technology and its organisational context of use. J. Inf. Technol. 24(4), 305–320 (2009)
Bharati, P., Chaudhury, A.: Technology assimilation across the value chain: an empirical study of small and medium-sized enterprises. Inf. Resour. Manag. J. 25(1), 38–60 (2012)
Alvarenga, T., Rodriguez, C.: Institutional theory and its applicability in research related to operations management, VII Congresso Brasileiro de Engenharia de Produção, Brasil (2017)
Martins, J., Gonçalves, R., Oliveira, T., Cota, M., Branco, F.: Understanding the determinants of social network sites adoption at firm level: a mixed methodology approach. Electron. Commer. Res. Appl. 18, 10–26 (2016)
Martins, J., Gonçalves, R., Branco, F., Peixoto, C.: Social networks sites adoption for education: a global perspective on the phenomenon through a literature review. In: 2015 10th Iberian Conference on Information Systems and Technologies (CISTI), pp. 1–7. IEEE (2015)
Acknowledgments
UNIAG, R&D unit funded by the FCT – Portuguese Foundation for the Development of Science and Technology, Ministry of Science, Technology and Higher Education.. Project n. º UID/GES/4752/2019.
This work has been supported by FCT – Fundação para a Ciência e Tecnologia within the Project Scope: UID/CEC/00319/2019.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Lopes, I.M., Guarda, T., Oliveira, P. (2019). EU General Data Protection Regulation Implementation: An Institutional Theory View. In: Rocha, Á., Adeli, H., Reis, L., Costanzo, S. (eds) New Knowledge in Information Systems and Technologies. WorldCIST'19 2019. Advances in Intelligent Systems and Computing, vol 930. Springer, Cham. https://doi.org/10.1007/978-3-030-16181-1_36
Download citation
DOI: https://doi.org/10.1007/978-3-030-16181-1_36
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16180-4
Online ISBN: 978-3-030-16181-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)