Paper
The Role of IS in the Conflicting Interests Regarding GDPR
Published Mar 9, 2020 · Timo Jakobi, M. Grafenstein, Christine Legner
Business & Information Systems Engineering
13
Citations
0
Influential Citations
Abstract
Since May 25 2018, the General Data Protection Regulation (GDPR) regulates the handling of personal data both for companies in the European Union and European Citizens. It is part of the European Union’s Digital Single Market strategy and aims to create the conditions for an economy without barriers that would benefit individuals and companies as well as society as a whole (European Parliament and Council 2016). The protective purpose of the GDPR is to enable individuals, against the background of modern data processing possibilities and techniques and their risks, to decide for or against a consent to data processing on the basis of appropriate information on how their personal data are handled and in a self-determined manner. At the same time, the GDPR has established many fundamentally new concepts, thereby opening new leeway for legal, scientific and practical interpretation, providing both challenges and potential for renewal and innovation. Almost two years after the entry into force of the GDPR, it seems appropriate to reflect on first effects, suggestions for improvement and future high potential research areas. With Business and Information Systems Engineering research focusing on socio-technical systems for digital data processing for commercial or social purposes, it seems that it is the natural place for a transdisciplinary examination of the possibilities and challenges that this new regulation brings along. In this regard, BISE is – maybe better than any other field – suited to address such complex questions at the intersection of law, design, organizational research and information systems. However, with evolvement of its context, maybe also the field itself needs to adapt One sign for this simultaneous potential need and opportunity is the vivid research surrounding GDPR in the areas concerning the interdisciplinary field of BISE. In the vast majority of these contributions, a key question revolves around the interpretation of certain aspects of GDPR. On a more practical level, for example, there is an increasing body of practical guides or implementation guidelines, looking at how organizations will have to move forward to comply and avoid fines or negative publicity (Tankard 2016; Huth 2017; Voigt and Von dem Bussche 2017; Lambrinoudakis 2018). However, there is a lot of criticism remaining (Cvik et al. 2018). Organizational and management research likewise seeks to uncover and address organizational and business needs with regard to GDPR. These include, for example, the new Dr. T. Jakobi (&) Prof. Dr. G. Stevens Information Systems esp. IT-Security and Privacy, University of Siegen, Siegen, Germany e-mail: timo.jakobi@uni-siegen.de
Full text analysis coming soon...