Prioritizing and Ranking the Taxonomy of Factors Critical to GDPR Compliance

Abstract

This study aims to unfold the myriad factors essential in the viewpoint of GDPR implementation. Additionally, this study will prioritize and rank the critical factors which would ensure the successful enablement of GDPR in any organization.The approach is to prioritize and rank the underlying factors for GDPR compliance by implementing an efficient multi-criteria decision-making technique, specifically the analytical hierarchy process. A well-defined taxonomy of twenty factors has been defined that spreads across the four broad categories of critical factors essential for the enablement of GDPR in an organization. Governance and People related factors get the highest priority and rank. Factors such as issuing privacy policy on the public platform, recruitment of GDPR experts have the highest priority. Additionally, with the help of Pareto analysis, it was discovered that the top eight factors account for 80% of the total weight age out of the twenty factors. This study focuses only on the pre-established components for GDPR implementation identified from previous notable works. The scope of the study is constricted to the insight of select GDPR experts also does not incorporate a broader spectrum of the Data Privacy ecosystem. This study contributes to the prioritization of factors for GDPR compliance in a two-fold manner. One, a complete classification of underlying factors is proposed, and two, they are prioritized and ranked to serve as a rulebook for GDPR practitioners while working towards the enablement of GDPR in their organization.