Advanced search

Information security frameworks for assisting GDPR compliance in banking industry

João Serrado (Instituto Universitário de Lisboa (ISCTE-IUL), Lisbon, Portugal)
Ruben Filipe Pereira (Instituto Universitário de Lisboa (ISCTE-IUL), Lisbon, Portugal)
Miguel Mira da Silva (Higher Technical Institute, University of Lisbon, Lisboa, Portugal)
Isaías Scalabrin Bianchi (Federal University of Santa Catarina, Florianopolis, Brazil)

Digital Policy, Regulation and Governance

ISSN: 2398-5038

Publication date: 11 August 2020

Abstract

Purpose

Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies. Especially in the Bank industry. How these ISF can assist the implementation of GDPR is not clear.

Design/methodology/approach

The design science research process was followed and semi-structured interviews performed.

Findings

A list of practices to assist the bank industry in GDPR implementation is provided. How each practice map with assessed ISF and GDPR requirements is also presented.

Research limitations/implications

As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews.

Originality/value

This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.

Keywords

Citation

Serrado, J., Pereira, R.F., Mira da Silva, M. and Scalabrin Bianchi, I. (2020), "Information security frameworks for assisting GDPR compliance in banking industry", Digital Policy, Regulation and Governance, Vol. 22 No. 3, pp. 227-244. https://doi.org/10.1108/DPRG-02-2020-0019

Download as .RIS

Publisher

:

Emerald Publishing Limited

Copyright © 2020, Emerald Publishing Limited

To read the full version of this content please select one of the options below

You may be able to access this content by logging in via Shibboleth, Open Athens or with your Emerald account.
To rent this content from Deepdyve, please click the button.
Rent from Deepdyve
If you think you should have access to this content, click the button to contact our support team.
Contact us
Manage cookies

We’re listening — tell us what you think

Join us on our journey