Empirical Results on the Collaboration Between Enterprise Architecture and Data Protection Management during the Implementation of the GDPR

The General Data Protection Regulation (GDPR) forces data protection management experts in companies worldwide to provide in-depth documentation and ensure GDPR-compliant data processing. Enterprise architecture management (EAM) provides a theoretical and methodical framework to address the multitude of concerns that arise from regulatory requirements. In this work, we report results from 24 qualitative interviews with 29 enterprise architects on how EAM supported the work of data protection management experts. We derive a conceptual framework with four different levels of EA support for Data Protection Management, and discuss EAM prerequisites for each level

Querying a regulatory model for compliant building design audit

The ingredients for an effective automated audit of a building design include a BIM model containing the design information, an electronic regulatory knowledge model, and a practical method of processing these computerised representations. There have been numerous approaches to computer-aided compliance audit in the AEC/FM domain over the last four decades, but none has yet evolved into a practical solution. One reason is that they have all been isolated attempts that lack any form of standardisation. The current research project therefore focuses on using an open standard regulatory knowledge and BIM representations in conjunction with open standard executable compliant design workflows to automate the compliance audit process. This paper provides an overview of different approaches to access information from a regulatory model representation. The paper then describes the use of a purpose-built high-level domain specific query language to extract regulatory information as part of the effort to automate manual design procedures for compliance audit

Opportunities for improving environmental compliance in Mexico

Survey evidence from Mexico reveals large observed differences in pollution from factories in the same industry, or the same area, or operating under the same regulatory regime. Many factories have adopted significant measures for pollution control and are in compliance with environmental regulations, but some have made little or no such effort. For lack of data, systematic research on the reasons behind such variations in plant-level environmental performance (especially on how impediments to pollution control affect plant behavior) is rare, even in industrial societies. Drawing on a recent plant-level survey of Mexican factories, the author identifies a number of performance variables characteristic of compliant and non-compliant plants, as well as factors that no-compliant plants perceive to be obstacles to pollution control. Non-compliant firms made less effort than compliant firms to change materials, used, to change production processes, or to install end-of-pipe treatment equipment. They had significantly fewer programs to train their general workers in environmental responsibilities. They lagged behind in environmental training, waste management, and transportation training. They received less technical training, especially about the environment, environmental policy and administration, and clean technology and audits. Responses about obstacles to better environmental performance included scarcity of training resources, government bureaucracy, high interest rates, and Mexico's lack of an environmental protection culture. Respondents said that senior managers did not emphasize the environment, assigned more priority to economic considerations, and were not trained in the subject. Most important, however, little information was available about Mexico's environmental policy. These findings suggest the importance of technical assistance - especially training and information. In Mexico, the information gap on policy is a major problem. Mexican environmental agencies should invest more in technical assistance and environmental training targeted to non-compliant enterprises. Environmental education, especially of senior managers, could significantly improve pollution control. Maintaining close contact with non-compliant firms, designing programs targeted to them, and pursuing them systemically should increase their responsiveness to regulations.ICT Policy and Strategies,Environmental Economics&Policies,Public Health Promotion,Water and Industry,Health Monitoring&Evaluation,Environmental Economics&Policies,Water and Industry,Health Monitoring&Evaluation,ICT Policy and Strategies,Agricultural Research

How to Develop a GDPR-Compliant Blockchain Solution for Cross-Organizational Workflow Management: Evidence from the German Asylum Procedure

Blockchain technology has the potential to resolve trust concerns in cross-organizational workflows and to reduce reliance on paper-based documents as trust anchors. Although these prospects are real, so is regulatory uncertainty. In particular, the reconciliation of blockchain with Europe’s General Data Protection Regulation (GDPR) is proving to be a significant challenge. We tackled this challenge with the German Federal Office for Migration and Refugees. Here, we explain how we used Action Research to guide the Federal Office in creating a GDPR-compliant blockchain solution for the German asylum procedure. Moreover, we explain the architecture of the Federal Office’s solution and present two design principles for developing GDPR-compliant blockchain solutions for cross-organizational workflow management

Discretionary Enforcement and Strategic Interactions Between Firms, Regulatory Agency and Justice Department: A Theoretical and Empirical Investigation

This paper presents a game theoretic morphological analysis of the U.S. environmental authorities’ (i.e., EPA and DOJ) behavioural mechanisms, based on strategic interactions among the players. The models explore the role of discretion that such authorities enjoy, either in deciding how to pursue environmental violations (investigative and prosecutorial discretion) or in judging them (judicial discretion). The purpose is to identify both the optimal firms’ behaviour in terms of compliance, and the DOJ’s and EPA’s optimal strategies in terms of enforcement actions to undertake. Consistent with the setting of the game theory models, the role of EPA and DOJ in deterring firms from polluting is, then, empirically tested, by means of a laboratory experiment. Laboratory evidence on compliance behaviour of firms when faced with enforcement conditions predicted by the theoretical models set up is discussed for the different experimental treatments performed

Contextual Compliance: Situational and Subjective Cost-Benefit Decisions about Pesticides by Chinese Farmers

This article analyzes how cost-benefit calculation influences compliance with pesticide regulation by Chinese farmers. Building on a study including 150 farmers and experts, it studies how operational costs and benefits and deterrence affect compliance. Moreover, it studies what variation in cost-benefit perceptions there are with different types of rules, farms, and villages. It finds that, in this context, cost-benefit calculation matters for compliance; with operational costs and benefits being more clearly related to compliant behavior than deterrence. It highlights that perceptions about costs and benefits are situational and vary along the type of legal rule and the type of regulated actor. It also shows that such perceptions are individually subjective, as even with similar rules and similar types of actors, perceptions vary. The paper concludes by stating expectations on how the situational and subjective nature of cost-benefit calculation can inform regulators seeking to enhance compliance

Design Challenges for GDPR RegTech

The Accountability Principle of the GDPR requires that an organisation can demonstrate compliance with the regulations. A survey of GDPR compliance software solutions shows significant gaps in their ability to demonstrate compliance. In contrast, RegTech has recently brought great success to financial compliance, resulting in reduced risk, cost saving and enhanced financial regulatory compliance. It is shown that many GDPR solutions lack interoperability features such as standard APIs, meta-data or reports and they are not supported by published methodologies or evidence to support their validity or even utility. A proof of concept prototype was explored using a regulator based self-assessment checklist to establish if RegTech best practice could improve the demonstration of GDPR compliance. The application of a RegTech approach provides opportunities for demonstrable and validated GDPR compliance, notwithstanding the risk reductions and cost savings that RegTech can deliver. This paper demonstrates a RegTech approach to GDPR compliance can facilitate an organisation meeting its accountability obligations

Exploring the dynamics of compliance with community penalties

In this paper, we examine how compliance with community penalties has been theorized hitherto and seek to develop a new dynamic model of compliance with community penalties. This new model is developed by exploring some of the interfaces between existing criminological and socio-legal work on compliance. The first part of the paper examines the possible definitions and dimensions of compliance with community supervision. Secondly, we examine existing work on explanations of compliance with community penalties, supplementing this by drawing on recent socio-legal scholarship on private individuals’ compliance with tax regimes. In the third part of the paper, we propose a dynamic model of compliance, based on the integration of these two related analyses. Finally, we consider some of the implications of our model for policy and practice concerning community penalties, suggesting the need to move beyond approaches which, we argue, suffer from compliance myopia; that is, a short-sighted and narrowly focused view of the issues

'Gatekeepers' of Islamic financial circuits : analysing urban geographies of the global Shari'a elite

This paper analyses the importance of 'Shari'a scholars' in the Islamic Financial Services (IFS) sector, which has been a growing global practice since the 1970s. Based on Shari'a Law, IFS firms provide banking, finance and insurance respecting faith-based prohibitions on interest, speculation and risk taking. Although IFS firms operate across a variety of scales and involve a range of actors, this paper focuses on the transnational capacities of Shari'a experts employed by IFS firms. These scholars use their extensive knowledge of Shari'a Law to assess the 'Islamic' character of a firm's operations, and assist the development of Shari'a-compliant products. As they embody necessary entry-points into Islamic circuits of knowledge and authority, members of what we dub the 'global Shari'a elite' can be regarded as 'gatekeepers' of Islamic financial circuits. Drawing on a comprehensive data source we present a geographical analysis of Shari'a board membership, nationality and educational background of 253 Shari'a scholars. The results show that the global Shari'a elite connects a limited number of IFS hubs (e. g. Dubai, Kuala Lumpur, Kuwait City, Manama, and London) to knowledge and authority networks falling outside 'mainstream' business and service spheres