{"title":"Identifying critical success factors for the General Data Protection Regulation implementation in higher education institutions","authors":"José Fernandes, Carolina Machado, L. Amaral","doi":"10.1108/dprg-03-2021-0041","DOIUrl":null,"url":null,"abstract":"\nPurpose\nOn May 25, 2018, the General Data Protection Regulation (GDPR) became mandatory for all organizations that handle the personal data of European Union citizens. This exploratory study aims to determine the critical success factors (CSFs) related to implementing the GDPR in Portuguese public higher education institutions (HEIs).\n\n\nDesign/methodology/approach\nThis study adopts a multimethod methodology with qualitative and quantitative methods. A multiple case study was carried out in Portuguese public universities. As procedures for data collecting and analysis, semistructured interviews with 26 questions were conducted with the data protection officers of these universities during May and July 2019 to derive a set of CSFs. Next, the Delphi method has been applied to determine the ranking of the CSFs. The hierarchical clusters analysis has also been applied to determine the cluster with essential CSFs. To derive the CSF, the method by Caralli et al. (2004) has been applied.\n\n\nFindings\nThis study has identified the list of 16 CSFs related to the implementation of GDPR in HEIs, among which we can highlight, for instance, empower workers on the GDPR; commit top management with the GDPR; implement the GDPR with the involvement of management and workers; create a culture for data protection; and create a decentralized team of pivots for data protection.\n\n\nResearch limitations/implications\nIt could have been more enriching in the CSF determination process if all Portuguese public universities had participated in this study. In fact, within their many similarities, universities are also very different in approaching privacy and data protection. New studies are needed to determine whether the CSFs identified apply equally to other organizations, namely, private HEIs with less bureaucracy.\n\n\nOriginality/value\nIdentifying CSFs related to GDPR implementation in Portuguese public universities is a new area of study. This paper is a contribution to its development.\n","PeriodicalId":56357,"journal":{"name":"Digital Policy Regulation and Governance","volume":"128 1","pages":""},"PeriodicalIF":2.1000,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Digital Policy Regulation and Governance","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/dprg-03-2021-0041","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
引用次数: 1
Abstract
Purpose
On May 25, 2018, the General Data Protection Regulation (GDPR) became mandatory for all organizations that handle the personal data of European Union citizens. This exploratory study aims to determine the critical success factors (CSFs) related to implementing the GDPR in Portuguese public higher education institutions (HEIs).
Design/methodology/approach
This study adopts a multimethod methodology with qualitative and quantitative methods. A multiple case study was carried out in Portuguese public universities. As procedures for data collecting and analysis, semistructured interviews with 26 questions were conducted with the data protection officers of these universities during May and July 2019 to derive a set of CSFs. Next, the Delphi method has been applied to determine the ranking of the CSFs. The hierarchical clusters analysis has also been applied to determine the cluster with essential CSFs. To derive the CSF, the method by Caralli et al. (2004) has been applied.
Findings
This study has identified the list of 16 CSFs related to the implementation of GDPR in HEIs, among which we can highlight, for instance, empower workers on the GDPR; commit top management with the GDPR; implement the GDPR with the involvement of management and workers; create a culture for data protection; and create a decentralized team of pivots for data protection.
Research limitations/implications
It could have been more enriching in the CSF determination process if all Portuguese public universities had participated in this study. In fact, within their many similarities, universities are also very different in approaching privacy and data protection. New studies are needed to determine whether the CSFs identified apply equally to other organizations, namely, private HEIs with less bureaucracy.
Originality/value
Identifying CSFs related to GDPR implementation in Portuguese public universities is a new area of study. This paper is a contribution to its development.
2018年5月25日,《通用数据保护条例》(GDPR)对所有处理欧盟公民个人数据的组织都是强制性的。本探索性研究旨在确定在葡萄牙公立高等教育机构(HEIs)实施GDPR的关键成功因素(csf)。本研究采用定性与定量相结合的多方法研究方法。在葡萄牙公立大学进行了多案例研究。作为数据收集和分析的程序,我们在2019年5月至7月期间与这些大学的数据保护官员进行了涉及26个问题的半结构化访谈,以得出一套CSFs。其次,采用德尔菲法确定社会保障体系的排名。层次聚类分析也被应用于确定具有基本CSFs的聚类。为了推导CSF,我们采用了Caralli et al.(2004)的方法。本研究确定了16个与高等教育机构实施GDPR相关的CSFs清单,其中我们可以强调,例如,在GDPR上赋予工人权力;向最高管理层承诺遵守GDPR;在管理层和员工的参与下实施GDPR;建立保护资料的文化;并创建一个分散的数据保护中心团队。研究局限性/启示如果所有葡萄牙公立大学都参与了这项研究,CSF的测定过程可能会更加丰富。事实上,在许多相似之处,大学在处理隐私和数据保护方面也有很大的不同。需要进行新的研究,以确定已确定的基金是否同样适用于其他机构,即较少官僚主义的私立高等教育院校。原创性/价值识别葡萄牙公立大学与GDPR实施相关的csf是一个新的研究领域。本文是对其发展的一种贡献。
期刊介绍:
Emerald holds journals from the current and previous year. We hold all older back volumes and can supply high quality reprints for most volumes that were previously out-of-print. Complete list of titles we can supply from this publisher Publisher''s web page and subscription information
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
