Beyond Mere Compliance — Delighting Customers by Implementing Data Privacy Measures?

The importance of customer data for business models is increasing, as is the relevance of customers’ concerns regarding privacy aspects. To prevent data privacy incidents and to mitigate the associated risks, companies need to implement appropriate measures. Furthermore, it is unclear whether their implementation – beyond mere compliance – has the potential to actually delight customers and yields competitive advantages. In this paper, we derive specific measures to deal with customers’ data privacy concerns based on the literature, legislative texts, and expert interviews. Next, we leverage the Kano model via an Internet-based survey to analyze the measures’ evaluation by customers. As a result, most measures are considered basic needs of must-be quality. Their implementation is obligatory and is not rewarded by customers. However, delighters of attractive quality do exist and have the potential to create a competitive advantage

Structuring Digital Transformation: A Framework of Action Fields and its Application at ZEISS

Digital products and services are an integral part of everyday life for both individuals and organizations. Further, given that digitalization greatly impacts our society and in particular how customer and organizations interact, organizations need to react to changing business rules and to leverage opportunities associated with digital technologies. Accordingly, the chief information officer (CIO) role is frequently a flexible one in the sense that it encompasses a much broader perspective on organizations than before. Most of the CIOs or newly appointed chief digital officers (CDOs) whom we interviewed in the course of our study recognized the need for change catalyzed by emerging digital technologies, but they typically lacked comprehensive knowledge on how to scope digital transformation initiatives. Against this background, we develop and validate a holistic framework of action fields for digital transformation. Our framework builds on extant literature and a series of exploratory interviews with over 50 organizations, and we have validated it in numerous contexts. In this paper, we present our framework and demonstrate its application at ZEISS, one of the organizations that participated in our study

Compliance Challenges with the General Data Protection Regulation

The General Data Protection Regulation are coming as a response to the outdated Directive from 1995. With this, a lot tougher pressures are put on organisations regarding the demand for compliance, which is mainly done through higher penalties, giving organisations an in-citement to oblige. Seen from the perspective of information systems, organisations have to implement the requirements of the regulation into their data processes in order to stay compli-ant. In the literature there is a lack of understanding of what challenges organisations face when striving for compliance in information systems. The General Data Protection Regulation was used as a lens to examine the available compliance theory. This was done by interviewing employees working with and in organisations trying to comply with the General Data Protec-tion Regulation in positions such as security management, product management and project management. We found seven challenges and one sub-challenge concerning data processes that organisations face as they adjust to the General Data Protection Regulation.The General Data Protection Regulation are coming as a response to the outdated Directive from 1995. With this, a lot tougher pressures are put on organisations regarding the demand for compliance, which is mainly done through higher penalties, giving organisations an in-citement to oblige. Seen from the perspective of information systems, organisations have to implement the requirements of the regulation into their data processes in order to stay compli-ant. In the literature there is a lack of understanding of what challenges organisations face when striving for compliance in information systems. The General Data Protection Regulation was used as a lens to examine the available compliance theory. This was done by interviewing employees working with and in organisations trying to comply with the General Data Protec-tion Regulation in positions such as security management, product management and project management. We found seven challenges and one sub-challenge concerning data processes that organisations face as they adjust to the General Data Protection Regulation