14th Scandinavian Conference on Information Systems

Abstract

The increasing availability of data can afford dynamic competitive advantages among data-intensive corporations, but governance bottlenecks hinder data-driven value creation and increase regulatory risks. We analyze the role of two technological features of data architecture that facilitate internal data governance – Application Programmatic Interfaces (APIs) that publish interdepartmental data and standardization of identity and access management (IAM) software – in shaping large dataintensive corporations’ adaptation to privacy regulation. Using annual establishment data for the largest U.S. financial services corporations and the enforcement of the General Data Protection Regulation (GDPR) in 2018 as a natural experiment, we show that internal data APIs and standardization of IAM software significantly mitigate establishments’ revenue loss and IT budget reduction in response to GDPR enforcement. Compliance costs measured by IT hiring increased substantially after GDPR enforcement only for firms without internal data APIs. Our findings highlight the importance of interoperability and standardization as technical conditions that facilitate dynamic integrative capability, allowing large data-intensive corporations to ensure proper data governance and adapt to privacy regulation.

Share

COinS