Understanding Data Protection Regulations from a Data Management Perspective: A Capability-Based Approach to EU-GDPR
Fiche du document
24 février 2019
- handle: 10670/1.sc3xj4
Ce document est lié à :
info:eu-repo/grantAgreement/OTHER//Competence Center Corporate Data Quality (CC CDQ)///
Ce document est lié à :
info:eu-repo/semantics/altIdentifier/urn/urn:nbn:ch:serval-BIB_65AAB323C49C7
info:eu-repo/semantics/openAccess , Copying allowed only for non-profit organizations , https://serval.unil.ch/disclaimer
Sujets proches
Protection, Data Personal data protection Data governance Data regulationCiter ce document
Clement Labadie et al., « Understanding Data Protection Regulations from a Data Management Perspective: A Capability-Based Approach to EU-GDPR », Serveur académique Lausannois, ID : 10670/1.sc3xj4
Métriques
Partage / Export
Résumé
The European General Data Protection Regulation (EU-GDPR) has entered into force in May 2018. Its emphasis on individual control and organizational accountability constitutes a new paradigm that requires changes in the way organizations manage personal data. However, organizations face difficulties when implementing EU-GDPR due to a lack of common ground between legal and data management domains. Anchored in the resource-based view theory (RBV), this paper argues that the regulation requires companies to build a dedicated data management capability. It presents a capability model that was developed in an iterative design science process, integrating both interpretation of legal texts and practical insights from focus groups with more than 30 experts and from 3 EU-GDPR projects. The paper advances the regulatory compliance management literature by translating legal data protection concepts for the IS community. It also contributes to practice by enabling organization to set-up systematic approaches towards EU-GDPR compliance.