Abstract

Purpose: Data can nowadays be seen as the main asset of organizations, and data leaks have a considerable impact on the organization's image and revenues, with possible consequences for the affected clients. One of the most critical industries is banking. Information security frameworks (ISF) have been created to assist organizations, and other frameworks have evolved to update these domain practices. Recently, the European Union decided to create the General Data Protection Regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries' laws and policies, especially in the bank industry. How these ISF can assist the implementation of GDPR is not clear.

Design/methodology/approach: The design science research process was followed and semi-structured interviews were performed.

Findings: A list of practices to assist the bank industry in GDPR implementation is provided. How each practice maps to the assessed ISF and GDPR requirements is also presented.

Research limitations/implications: As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult still if the authors intend to find people experienced in both GDPR and the bank industry. That is one of the main reasons this study does not include more interviews.

Originality/value: This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing so, the artefact provides a centralized view of which ISF (or parts of them) could be implemented to help banks comply with GDPR.

Highlights

  • The rapid development of computers in the last 20 years, with the reduced prices for data storage, allows the processing of large amounts of personal data (PD) (Martin, Matt, Niebel, & Blind, 2019; Radvanovsky & Brodsky, 2013)

  • By doing so, our artefact provides a centralized view of which information security frameworks (ISF) could be implemented to help banks comply with the General Data Protection Regulation (GDPR)

  • This research aims to investigate how current ISF can help banks comply with GDPR

Summary

Introduction

The rapid development of computers in the last 20 years, with the reduced prices for data storage, allows the processing of large amounts of personal data (PD) (Martin, Matt, Niebel, & Blind, 2019; Radvanovsky & Brodsky, 2013). Data protection (DP) has, in turn, been driven by the development of information technology (IT) (Phillips, 2018), and in recent years, with the increased use of IT by citizens residing in the EU, the Data Protection Directive 95/46/EC no longer meets the privacy requirements of the present-day digital environment. To solve this problem, the European Commission (EC) has been developing, since 2009, the General Data Protection Regulation (GDPR), and published a proposal for the DP reform in 2012 (Tikkinen-Piri et al., 2018). This progression creates enormous opportunities for business, but on the other hand leaves open serious issues, such as the implementation of new technologies and the increasing public awareness of and concern for the importance of personal DP (Lucic, Boban, & Mileta, 2018), and generates serious privacy, trust and security risks (Almeida Teixeira, Mira da Silva, & Pereira, 2019). This research aims to investigate how current ISF can help banks comply with GDPR.
