Abstract
Leveraging insights from the personal data of customers can improve the decision-making capability of the organisation, resulting in optimised operations, products, and services. However, in the digitally connected world, the organisation is increasingly challenged to protect personal data, and there is greater potential for inappropriate data use or disclosure, which can result in legal, financial, and reputational consequences for the organisation. Developments brought about by digital transformation increase the requirement for the organisation to implement more stringent approaches to personal data protection. In most countries, data protection is taken very seriously and enforced through strict regulations (e.g. GDPR) to which every organisation that holds personal data must adhere. However, high-profile data breaches continue to occur. Research suggests that data protection controls have not kept pace with the degree to which organisations are experimenting with digital technologies and the unprecedented data volumes. Many organisations are unable to detect when or where their data systems have been breached. In order to comply with regulatory requirements to protect personal data and avoid potentially significant legal, financial, and reputational implications of a data breach, many organisations must improve their personal data protection approaches. This paper presents the key components or ‘capability building blocks’ of a conceptual framework in the area of Personal Data Protection (PDP) within the organisational context. This framework was developed based on the findings or themes that emerged from a systematic literature review (SLR) in this area followed by an open innovation approach. The resultant conceptual framework can be used by organisations to undertake a holistic analysis of their personal data protection capability.
The framework also includes a set of POMs (Practices, Outcomes and Metrics) which acts as a roadmap for organisations to improve upon their current level of maturity in this area to effectively protect personal data and to demonstrate that the organisation is a trustworthy data custodian. © 2019, Curran Associates Inc. All rights reserved.
Original language | Undefined |
---|---|
Title of host publication | European Conference on Information Warfare and Security, ECCWS |
Place of Publication | Coimbra |
Pages | 87-96 |
Volume | 2019 |
Edition | July |
Publication status | Published (in print/issue) - 2019 |
Keywords
- data protection assessment
- data protection capability
- GDPR
- Personal data protection