EU General Data Protection Regulation Implementation: An Institutional Theory View

Isabel Maria Lopes*, Teresa Guarda, Pedro Oliveira

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

The General Data Protection Regulation entered into force on 25 May 2018, but was approved on 27 April 2016. The General Data Protection Regulation (GDPR) aims to ensure the coherence of natural persons’ protection within the European Union (EU), comprising very important innovative rules that will be applied across the EU and will directly affect every Member State. The organizations/Institutions had two years to implement it. Despite this, it has been observed that, in several sectors of activity, the number of organizations having adopted that control is low. This study aimed to identify the factors which condition the implementation the GDPR by organizations. Methodologically, the study involved interviewing the officials in charge of information systems in 18 health clinics in Portugal. The factors facilitating and inhibiting the implementation of GDPR are presented and discussed. Based on these factors, a set of recommendations to enhance the implementation of the measures proposed by the regulation is made. The study used Institutional Theory as a theoretical framework. The results are discussed in light of the data collected in the survey and possible future works are identified.

Original languageEnglish
Title of host publicationNew Knowledge in Information Systems and Technologies. Volume 1
EditorsLuís Paulo Reis, Álvaro Rocha, Hojjat Adeli, Sandra Costanzo
Number of pages11
Place of PublicationCham
PublisherSpringer VS
Publication date2019
Pages383-393
ISBN (Print)9783030161804
ISBN (Electronic)9783030161811
DOIs
Publication statusPublished - 2019
Externally publishedYes
EventWorld Conference on Information Systems and Technologies, WorldCIST 2019 - Galicia, Spain
Duration: 16 Apr 201919 Apr 2019

Conference

ConferenceWorld Conference on Information Systems and Technologies, WorldCIST 2019
Country/TerritorySpain
CityGalicia
Period16/04/201919/04/2019
SeriesAdvances in Intelligent Systems and Computing
Volume930
ISSN2194-5357

Keywords

  • General Data Protection Regulation
  • Health clinics
  • Institutional Theory
  • Regulation (EU) 2016/679

Cite this