Towards a readiness model derived from critical success factors, for the general data protection regulation implementation in higher education institutions

Authors

  • José Fernandes School of Economics and Management, University of Minho, Campus de Gualtar, Braga, Portugal
  • Carolina Machado School of Economics and Management, University of Minho, Campus de Gualtar, Braga, Portugal
  • Luís Amaral School of Engineering, University of Minho, Campus de Azurém, Guimarães, Portugal

DOI:

https://doi.org/10.5937/StraMan2200033F

Keywords:

Critical Success Factors; Design Science Research; Readiness model; Maturity model; Higher Education Institutions

Abstract

Background: Present the relevance of the study and highlights the key points of literature overview.

Purpose: As of May 25, 2018, General Data Protection Regulation (GDPR) has become mandatory for all organizations, public or private, that handle personal data of European citizens, regardless of their physical location. Higher education institutions (HEIs), namely public universities, are no exception to this requirement and, as in many other organizations, many HEIs begin the process of implementing the GDPR without meeting the minimum conditions necessary for implementation. The purpose of this study, therefore, is to present a model to determine the level of readiness of HEIs regarding the implementation of the GDPR.  

Study design/methodology/approach: With the objective of designing a new artefact as a readiness model for the implementation of the GDPR, this study follows Design Science Research as an approach to be used to build the readiness model, based on a set of 16 critical success factors (CSFs) previously determined.

Findings/conclusions: A readiness model was designed, based on a set of 16 CSFs related to the implementation of GDPR in HEIs.

Limitations/future research: This is a new area of study that needs further development, namely through the practical application of the model, allowing the improvement of the measurement levels of the different CSFs.

Practical implications: The determined readiness model allows HEIs to realize a priori if they have the necessary conditions for the implementation of the GDPR, giving useful indications of the organizational dimensions and the CSFs that compose them where better performance is necessary to ensure a successful implementation.

Originality/Value: As far as we know, this is the first model of readiness based on CSFs related to the implementation of GDPR in HEIs, being therefore a first contribution to the development of this area.

Downloads

Published

2023-03-30