Information security frameworks for assisting GDPR compliance in banking industry

Bibliographic details
Main author: Serrado, J.
Publication date: 2020
Other authors: Pereira, R., Mira da Silva, M., Bianchi, I. S.
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10071/20757
Abstract: Purpose: Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies. Especially in the Bank industry. How these ISF can assist the implementation of GDPR is not clear. Design/methodology/approach: The design science research process was followed and semi-structured interviews performed. Findings: A list of practices to assist the bank industry in GDPR implementation is provided. How each practice maps with assessed ISF and GDPR requirements is also presented. Research limitations/implications: As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews. Originality/value: This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.
id RCAP_a3575fa8f42eff1f9d675445199b573a
oai_identifier_str oai:repositorio.iscte-iul.pt:10071/20757
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
dc.subject.por.fl_str_mv Information security
Frameworks
GDPR
General data protection regulation
Data protection
dc.date.none.fl_str_mv 2020-09-30T14:04:24Z
2020-01-01T00:00:00Z
2020
2020-09-30T15:00:55Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10071/20757
dc.language.iso.fl_str_mv eng
dc.relation.none.fl_str_mv 2398-5038
10.1108/DPRG-02-2020-0019
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Emerald
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP