PACIS 2022 Proceedings

Paper Number



The aim of this literature review is to understand GDPR impacts on information security in organisations. The research question is: What outcomes previous research reveal about the GDPR impacts on information security development? Findings indicated that GDPR has had several impacts divided in six categories here: user profiling and data collection, business impacts, management and compliance, personal competences, skills and career, authorization, authentication and notification obligation and data storage. Findings also indicated that even though GDPR had upraised information security and data protection requirements, it has caused also challenges. Previous research raised important separate issues of GDPR impacts of information security, but did not addressed topic comprehensively. Previous literature did not report best practices of how organisational GDPR impacts are examined. To fill this gap, the framework for observing GDPR impacts of organisations was built.


Paper Number 1885



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.