Empirical Results on the Collaboration Between Enterprise Architecture and Data Protection Management during the Implementation of the GDPR

The General Data Protection Regulation (GDPR) forces data protection management experts in companies worldwide to provide in-depth documentation and ensure GDPR-compliant data processing. Enterprise architecture management (EAM) provides a theoretical and methodical framework to address the multitude of concerns that arise from regulatory requirements. In this work, we report results from 24 qualitative interviews with 29 enterprise architects on how EAM supported the work of data protection management experts. We derive a conceptual framework with four different levels of EA support for Data Protection Management, and discuss EAM prerequisites for each level

Enhancing Information Governance with Enterprise Architecture Management: Design Principles Derived from Benefits and Barriers in the GDPR Implementation

Businesses today are increasingly dependent on how they transform information into economic value, while simultaneously being compliant with intensified privacy requirements, resulting from legal acts like the General Data Protection Regulation (GDPR). As a consequence, realizing information governance has become a topic more important than ever to balance the beneficial use and protection of information. This paper argues that enterprise architecture management (EAM) can be a key to GDPR implementation as one important domain of information governance by providing transparency on information integration throughout an organization. Based on 24 interviews with 29 enterprise architects, we identified a multiplicity of benefits and barriers within the interplay of EAM and GDPR implementation and derived seven design principles that should foster EAM to enhance information governance

Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

The European Union’s General Data Protection Regulation (EU-GDPR) has initiated a paradigm shift in data protection toward greater choice and sovereignty for individuals and more accountability for organizations. Its strict rules have inspired data protection regulations in other parts of the world. However, many organizations are facing difficulty complying with the EU-GDPR: these new types of data protection regulations cannot be addressed by an adaptation of contractual frameworks, but require a fundamental reconceptualization of how companies store and process personal data on an enterprise-wide level. In this paper, we introduce the resource-based view as a theoretical lens to explain the lengthy trajectories towards compliance and argue that these regulations require companies to build dedicated, enterprise-wide data management capabilities. Following a design science research approach, we propose a theoretically and empirically grounded capability model for the EU-GDPR that integrates the interpretation of legal texts, findings from EU-GDPR-related publications, and practical insights from focus groups with experts from 22 companies and four EU-GDPR projects. Our study advances interdisciplinary research at the intersection between IS and law: First, the proposed capability model adds to the regulatory compliance management literature by connecting abstract compliance requirements to three groups of capabilities and the resources required for their implementation, and second, it provides an enterprise-wide perspective that integrates and extends the fragmented body of research on EU-GDPR. Practitioners may use the capability model to assess their current status and set up systematic approaches toward compliance with an increasing number of data protection regulations

Connected systems in smart cities: use-cases of integration of buildings information with smart systems

Realisation of smart cities is highly dependent on innovative connections between the deployed systems in the cities. This implies that successfully deployment of individual smart systems which meet citizens’ needs, is not sufficient to make a city smart. Indeed, the smart cities require to innovate and connect establish infrastructures for the citizens and organisations. To enable connected systems in smart cities, the possibilities to exchange and integration information between different systems is essential. Construction industry is one of the domains which owns huge amount of valuable information asset. Buildings information can be utilised to create initiatives associated with various domains like, urban and infrastructure planning, maintenance/facility management, and energy monitoring. However, there are some barriers to realise these initiatives. This paper introduces and elaborates the details about three use-cases which need to utilise buildings information to present innovative smart services. The three use cases are: 1) Energy Usage Monitoring for positive energy usage district areas in Smart Cities (a use case from River City-anonymous name of the city); 2) Services for Facility Management Industry (a use-case from Estates office in Quay University); 3) Safety & risk management for buildings in 3D Hack event in Dublin. Each use-case considers various stakeholders’ perspectives. Also they include elaborated details related to the barriers and challenges associated with utilisation and integration of buildings information. This paper concludes by the detailed barriers to benefit from valuable buildings information to create innovative smart services. Further, recommendations are provided to overcome the presented challenges

Externalities and Enterprise Software: Helping and Hindering Legal Compliance

Enterprise software helps organizations comply with laws and regulations, yet software itself creates negative externalities that can undermine rights and laws. Software developers are an important regulatory force, yet many know little about how law and software interact. This work examines developer understanding of legal concepts and examples of the software code and law relationship: payroll, Sarbanes Oxley Act, web accessibility, and data protection

Harnessing Artificial Intelligence Capabilities Through Cloud Services: a Case Study of Inhibitors and Success Factors

Industry and research have recognized the need to adopt and utilize artificial intelligence (AI) to automate and streamline business processes to gain competitive edges. However, developing and running AI algorithms requires a complex IT infrastructure, significant computing power, and sufficient IT expertise, making it unattainable for many organizations. Organizations attempting to build AI solutions in-house often opt to establish an AI center of excellence, accumulating huge costs and extremely long time to value. Fortunately, this deterrence is eliminated by the availability of AI delivered through cloud computing services. The cloud deployment models, Infrastructure as a Service, Platform as a Service, and Software as a Service provide various AI services. IaaS delivers virtualized computing resources over the internet and enables the raw computational power and specialized hardware for building and training AI algorithms. PaaS provides development tools and running environments that assist data scientists and developers in implementing code to bring out AI capabilities. Finally, SaaS offers off-the-shelf AI tools and pre-trained models provided to customers on a commercial basis. Due to the lack of customizability and control of pre-built AI solutions, this empirical investigation focuses merely on IaaS and PaaS-related AI services. The rationale is associated with the complexity of developing, managing and maintaining customized cloud infrastructures and AI solutions that meet a business's actual needs. By applying the Diffusion of Innovation (DOI) theory and the Critical Success Factor (CSF) method, this research explores and identifies the drivers and inhibitors for AI services adoption and critical success factors for harnessing AI capabilities through cloud services.Based on a comprehensive review of the existing literature and a series of nine systematic interviews, this study reveals ten factors that drive- and 17 factors that inhibit the adoption of AI developer tools and infrastructure services. To further aid practitioners and researchers in mitigating the challenges of harnessing AI capabilities, this study identifies four affinity groups of success factors: 1) organizational factors, 2) cloud management factors, 3) technical factors, and 4) the technology commercialization process. Within these categories, nine sub-affinity groups and 20 sets of CSFs are presented

Mapping the Empirical Evidence of the GDPR (In-)Effectiveness: A Systematic Review

In the realm of data protection, a striking disconnect prevails between traditional domains of doctrinal, legal, theoretical, and policy-based inquiries and a burgeoning body of empirical evidence. Much of the scholarly and regulatory discourse remains entrenched in abstract legal principles or normative frameworks, leaving the empirical landscape uncharted or minimally engaged. Since the birth of EU data protection law, a modest body of empirical evidence has been generated but remains widely scattered and unexamined. Such evidence offers vital insights into the perception, impact, clarity, and effects of data protection measures but languishes on the periphery, inadequately integrated into the broader conversation. To make a meaningful connection, we conduct a comprehensive review and synthesis of empirical research spanning nearly three decades (1995- March 2022), advocating for a more robust integration of empirical evidence into the evaluation and review of the GDPR, while laying a methodological foundation for future empirical research