{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,9]],"date-time":"2025-12-09T15:44:22Z","timestamp":1765295062508,"version":"3.41.2"},"reference-count":44,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2019,8,12]],"date-time":"2019-08-12T00:00:00Z","timestamp":1565568000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["DPRG"],"published-print":{"date-parts":[[2019,8,12]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>The implementation of European data protection is a challenge for businesses and has imposed legal, technical and organizational changes for companies. This study aims to explore the benefits and challenges that companies operating in the information technology (IT) sector have experienced in applying the European data protection. Additionally, this study aims to explore whether the benefits and challenges faced by these companies were different considering their dimension and the state of implementation of the regulation.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>This study adopts a quantitative methodology, based on a survey conducted with Portuguese IT companies. The survey is composed of 30 questions divided into three sections, namely, control data; assessment; and benefits and challenges. The survey was created on Google Drive and distributed among Portuguese IT companies between March and April of 2019. The data were analyzed using the Stata software using descriptive and inferential analysis techniques using the ANOVA one-way test.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>A total of 286 responses were received. The main benefits identified by the application of European data protection include increased confidence and legal clarification. On the other hand, the main challenges include the execution of audits to systems and processes and the application of the right to erasure. The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Research limitations\/implications<\/jats:title><jats:p>This study has essentially practical implications. Based on the synthesis of the benefits and challenges posed by the adoption of European data protection, it is possible to assess the relative importance and impact of the benefits and challenges faced by companies in the IT sector. However, this study does not explore the type of challenges that are placed at each stage of the adoption of European data protection and does not take into account the specificities of the activities carried out by each of these companies.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>The implementation of the GDPR is still in an initial phase. This study is pioneering in synthesizing the main benefits and challenges of its adoption considering the companies operating in the IT sector. Furthermore, this study explores the impact of the size of the company and the status of implementation of the GDPR on the perception of the established benefits and challenges.<\/jats:p><\/jats:sec>","DOI":"10.1108\/dprg-05-2019-0039","type":"journal-article","created":{"date-parts":[[2019,9,20]],"date-time":"2019-09-20T06:34:05Z","timestamp":1568961245000},"page":"510-524","source":"Crossref","is-referenced-by-count":20,"title":["The benefits and challenges of general data protection regulation for the information technology sector"],"prefix":"10.1108","volume":"21","author":[{"given":"Nazar","family":"Poritskiy","sequence":"first","affiliation":[]},{"given":"Fl\u00e1vio","family":"Oliveira","sequence":"additional","affiliation":[]},{"given":"Fernando","family":"Almeida","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"issue":"2","key":"key2019092309581856300_ref001","doi-asserted-by":"crossref","first-page":"239","DOI":"10.3233\/IP-180002","article-title":"The European general data protection regulation: an instrument for the globalization of privacy standards?","volume":"23","year":"2018","journal-title":"Information Polity"},{"unstructured":"Bershidsky, L. (2018), \u201cEurope\u2019s privacy rules are having unintended consequences\u201d, available at: www.bloomberg.com\/opinion\/articles\/2018-11-14\/facebook-and-google-aren-t-hurt-by-gdpr-but-smaller-firms-are","key":"key2019092309581856300_ref002"},{"unstructured":"Bilyk, V. (2018), \u201cChallenges and benefits of GDPR implementation\u201d, available at: https:\/\/theappsolutions.com\/blog\/development\/gdpr-challenges-and-benefits\/","key":"key2019092309581856300_ref003"},{"volume-title":"Internet of Things, for Things, and by Things","year":"2018","key":"key2019092309581856300_ref004"},{"unstructured":"CIPL (2016), \u201cImplementing and interpreting the GDPR: challenges and opportunities\u201d, Centre for information policy leadership, available at: www.informationpolicycentre.com\/uploads\/5\/7\/1\/0\/57104281\/cipl_gdpr_amsterdam_workshop_report__2016.aug.23_.pdf","key":"key2019092309581856300_ref005"},{"volume-title":"Research Design: Qualitative, Quantitative, and Mixed Methods Approaches","year":"2018","key":"key2019092309581856300_ref006"},{"year":"2019","first-page":"1","article-title":"We value your privacy\u2026now take some cookies: measuring the GDPR\u2019s impact on web privacy","key":"key2019092309581856300_ref007"},{"unstructured":"Dellei, L. (2019), \u201cGDPR compliance as a competitive advantage\u201d, available at: www.isaca.org\/Knowledge-Center\/Blog\/Lists\/Posts\/Post.aspx?List=ef7cbc6d-9997-4b62-96a4-a36fb7e171af&ID=1133&utm_referrer=direct%2Fnot%20provided","key":"key2019092309581856300_ref008"},{"key":"key2019092309581856300_ref009","doi-asserted-by":"crossref","first-page":"401","DOI":"10.1016\/j.sbspro.2011.09.040","article-title":"Profiling online consumers according to their experiences with a special focus on social dimension","volume":"24","year":"2011","journal-title":"Procedia - Social and Behavioral Sciences"},{"issue":"4","key":"key2019092309581856300_ref010","first-page":"1013","article-title":"The EU general data protection regulation: implications for international scientific research in the digital era","volume":"46","year":"2019","journal-title":"The Journal of Law, Medicine & Ethics"},{"unstructured":"DPC (2018), \u201cRights of individuals under the general data protection regulation: data protection commissioner\u201d, available at: http:\/\/gdprandyou.ie\/wp-content\/uploads\/2018\/03\/Rights-of-Individuals-under-the-General-Data-Protection-Regulation.pdf","key":"key2019092309581856300_ref011"},{"unstructured":"Edwards, C. and Richard, A. (2018), \u201cGlobal companies lacking GDPR oversight of Sub-contractors\u201d, available at: www.out-law.com\/en\/articles\/2018\/april\/global-companies-lacking-gdpr-oversight-of-sub-contractors\/","key":"key2019092309581856300_ref012"},{"unstructured":"EU (2019), \u201cDoes my company\/organisation need to have a data protection officer (DPO)?\u201d, available at: https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/reform\/rules-business-and-organisations\/obligations\/data-protection-officers\/does-my-company-organisation-need-have-data-protection-officer-dpo_en","key":"key2019092309581856300_ref013"},{"unstructured":"Fimin, M. (2018), \u201cFive benefits GDPR compliance will bring to your business\u201d, available at: www.forbes.com\/sites\/forbestechcouncil\/2018\/03\/29\/five-benefits-gdpr-compliance-will-bring-to-your-business\/#1d2981cb482f","key":"key2019092309581856300_ref014"},{"issue":"4","key":"key2019092309581856300_ref015","first-page":"30","article-title":"GDPR compliance in SMEs: there is much to be done","volume":"3","year":"2018","journal-title":"Journal of Information Systems Engineering & Management"},{"issue":"6","key":"key2019092309581856300_ref016","doi-asserted-by":"crossref","first-page":"703","DOI":"10.2501\/IJMR-2017-050","article-title":"The EU general data protection regulation (GDPR): European regulation that has a global impact","volume":"59","year":"2017","journal-title":"International Journal of Market Research"},{"unstructured":"Grafenstein, M. (2019), \u201cCo-Regulation and the competitive advantage in the GDPR: data protection certification mechanisms, codes of conduct and the 'state of the art' of data protection-by-design\u201d, available at: https:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=3336990","key":"key2019092309581856300_ref017"},{"volume-title":"Quantitative Research Methods: From Theory to Publication","year":"2017","key":"key2019092309581856300_ref018"},{"issue":"2","key":"key2019092309581856300_ref019","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1016\/j.clsr.2017.10.003","article-title":"The right to data portability in the GDPR: towards user-centric interoperability of digital services","volume":"34","year":"2018","journal-title":"Computer Law & Security Review"},{"issue":"1","key":"key2019092309581856300_ref020","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1080\/13600834.2019.1573501","article-title":"The European Union general data protection regulation: what it is and what it means","volume":"28","year":"2019","journal-title":"Information & Communications Technology Law"},{"volume-title":"Modern Multivariate Statistical Techniques: Regression, Classification, and Manifold Learning","year":"2013","key":"key2019092309581856300_ref021"},{"unstructured":"Jobscience Information Hub (2019), \u201cWhat next?\u201d, available at: https:\/\/myjobscience.force.com\/GDPR\/s\/current-status-of-gdpr","key":"key2019092309581856300_ref022"},{"key":"key2019092309581856300_ref023","first-page":"13","article-title":"Preparing for GDPR: helping EU SMEs to manage data breaches","volume-title":"AISB 2018: Symposium on Digital Behaviour Interventions for Cyber-Security","year":"2018"},{"unstructured":"Kaushik, S. and Wang, Y. (2018), \u201cData privacy: demystifying the GDPR\u201d, available at: https:\/\/ischool.syr.edu\/infospace\/2018\/05\/25\/data-privacy-demystifying-gdpr\/","key":"key2019092309581856300_ref024"},{"unstructured":"Krikke, J. Valgaeren, E. and Origer, G. (2019), \u201cComplying with the general data protection regulation (GDPR)\u201d, available at: www.stibbe.com\/en\/expertise\/practiceareas\/data-protection\/general-data-protection-regulation\/what-are-the-challenges","key":"key2019092309581856300_ref025"},{"issue":"1","key":"key2019092309581856300_ref026","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/1097198X.2019.1569186","article-title":"The impact of GDPR on global technology development","volume":"22","year":"2019","journal-title":"Journal of Global Information Technology Management"},{"issue":"3","key":"key2019092309581856300_ref027","doi-asserted-by":"crossref","first-page":"241","DOI":"10.13052\/jmbmit2245-456X.434","article-title":"GDPR regulation impact on different business models and businesses","volume":"4","year":"2018","journal-title":"Journal of Multi Business Model Innovation and Technology"},{"unstructured":"Lund, J. (2019), \u201cWhat is GDPR and how does it impact your business?\u201d, available at: www.superoffice.com\/blog\/gdpr\/","key":"key2019092309581856300_ref028"},{"issue":"1","key":"key2019092309581856300_ref029","first-page":"1","article-title":"Conceptualising the right to data protection in an era of big data","volume":"4","year":"2017","journal-title":"Big Data & Society"},{"unstructured":"Mackay, D. (2017), \u201cThe impact of GDPR from a technology perspective \u2013 is your platform ready?\u201d, available at: www.ness.com\/11101-2\/","key":"key2019092309581856300_ref030"},{"volume-title":"Qualitative Research: A Guide to Design and Implementation","year":"2015","key":"key2019092309581856300_ref031"},{"unstructured":"OECD (2019), \u201cEnterprises by business size (indicator)\u201d, available at: https:\/\/data.oecd.org\/entrepreneur\/enterprises-by-business-size.htm","key":"key2019092309581856300_ref032"},{"issue":"1","key":"key2019092309581856300_ref033","first-page":"1","article-title":"Forgetting personal data and revoking consent under the GDPR: challenges and proposed solutions","volume":"4","year":"2018","journal-title":"Journal of Cybersecurity"},{"issue":"6","key":"key2019092309581856300_ref034","first-page":"1247","article-title":"Backups and the right to be forgotten in the GDPR: an uneasy relationship","volume":"34","year":"2019","journal-title":"Computer Law & Security Review"},{"issue":"2","key":"key2019092309581856300_ref035","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1108\/DPRG-11-2018-0068","article-title":"When the mobile app is free, the product is your personal data","volume":"21","year":"2019","journal-title":"Digital Policy, Regulation and Governance"},{"issue":"9","key":"key2019092309581856300_ref036","first-page":"369","article-title":"Strengths and limitations of qualitative and quantitative research methods","volume":"3","year":"2017","journal-title":"European Journal of Education Studies"},{"unstructured":"Schechner, S. and Drozdiak, N. (2018), \u201cFrom restaurants to insurers, the race to comply with new GDPR privacy rules\u201d, The Wall Street Journal, available at: www.wsj.com\/articles\/gdpr-has-companies-big-and-small-racing-to-comply-1527154200","key":"key2019092309581856300_ref037"},{"issue":"1","key":"key2019092309581856300_ref038","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1016\/j.clsr.2017.05.015","article-title":"EU general data protection regulation: changes and implications for personal data collecting companies","volume":"34","year":"2018","journal-title":"Computer Law & Security Review"},{"volume-title":"Elementary Statistics","year":"2017","key":"key2019092309581856300_ref039"},{"doi-asserted-by":"crossref","unstructured":"Truong, N. Sun, K. Lee, G. and Guo, Y. (2019), \u201cGDPR \u2013 compliant personal data management: a Blockchain-based solution\u201d, IEEE Transactions on Information Forensics and Security, available at: https:\/\/arxiv.org\/pdf\/1904.03038.pdf","key":"key2019092309581856300_ref040","DOI":"10.1109\/TIFS.2019.2948287"},{"issue":"2","key":"key2019092309581856300_ref041","doi-asserted-by":"crossref","first-page":"266","DOI":"10.1080\/17579961.2018.1527479","article-title":"The GDPR and the internet of things: a three-step transparency model","volume":"10","year":"2018","journal-title":"Law, Innovation and Technology"},{"unstructured":"Wallace, N. and Castro, D. (2018), \u201cThe impact of the EU\u2019s new data protection regulation on AI\u201d, available at: www.datainnovation.org\/2018\/03\/the-impact-of-the-eus-new-data-protection-regulation-on-ai\/","key":"key2019092309581856300_ref042"},{"unstructured":"White, S. (2018), \u201cGeneral data protection regulation and the trust of the consumer\u201d, available at: https:\/\/gdpr.report\/news\/2018\/01\/23\/general-data-protection-regulation-trust-consumer\/","key":"key2019092309581856300_ref043"},{"unstructured":"Withey, V. (2018), \u201cThe impact of GDPR on the technology sector\u201d, available at: https:\/\/gdpr.report\/news\/2018\/03\/19\/the-impact-of-gdpr-on-the-technology-sector\/","key":"key2019092309581856300_ref044"}],"container-title":["Digital Policy, Regulation and Governance"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/DPRG-05-2019-0039\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/DPRG-05-2019-0039\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T23:14:18Z","timestamp":1753398858000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/dprg\/article\/21\/5\/510-524\/26790"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,8,12]]},"references-count":44,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2019,8,12]]}},"alternative-id":["10.1108\/DPRG-05-2019-0039"],"URL":"https:\/\/doi.org\/10.1108\/dprg-05-2019-0039","relation":{},"ISSN":["2398-5038","2398-5038"],"issn-type":[{"type":"print","value":"2398-5038"},{"type":"print","value":"2398-5038"}],"subject":[],"published":{"date-parts":[[2019,8,12]]}}}