Empirical results on the collaboration between enterprise architecture and data protection management during the implementation of the GDPR

Abstract

The European General Data Protection Regulation's (GDPR) large imminent fines cause companies worldwide to undertake major efforts for privacy compliance. Any company doing business with European customers has to adhere to new processing principles and documentation requirements, and provide extensive access rights to data subjects. Enterprise architecture management (EAM) provides a theoretical and methodical framework to align business and IT and has been used, among others, to identify and address concerns that arose from regulation. In this work, we report results from 24 qualitative interviews with 29 enterprise architects on how EAM supports the work of data protection management (DPM) experts. We derive a conceptual framework with four different levels of EAM support for DPM, and discuss high-level recommendations for each level.