The benefits and challenges of general data protection regulation for the information technology sector

The implementation of European data protection is a challenge for businesses and has imposed legal, technical and organizational changes for companies. This study aims to explore the benefits and challenges that companies operating in the information technology (IT) sector have experienced in applying the European data protection. Additionally, this study aims to explore whether the benefits and challenges faced by these companies were different considering their dimension and the state of implementation of the regulation.

This study adopts a quantitative methodology, based on a survey conducted with Portuguese IT companies. The survey is composed of 30 questions divided into three sections, namely, control data; assessment; and benefits and challenges. The survey was created on Google Drive and distributed among Portuguese IT companies between March and April of 2019. The data were analyzed using the Stata software using descriptive and inferential analysis techniques using the ANOVA one-way test.

A total of 286 responses were received. The main benefits identified by the application of European data protection include increased confidence and legal clarification. On the other hand, the main challenges include the execution of audits to systems and processes and the application of the right to erasure. The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges.

This study has essentially practical implications. Based on the synthesis of the benefits and challenges posed by the adoption of European data protection, it is possible to assess the relative importance and impact of the benefits and challenges faced by companies in the IT sector. However, this study does not explore the type of challenges that are placed at each stage of the adoption of European data protection and does not take into account the specificities of the activities carried out by each of these companies.

The implementation of the GDPR is still in an initial phase. This study is pioneering in synthesizing the main benefits and challenges of its adoption considering the companies operating in the IT sector. Furthermore, this study explores the impact of the size of the company and the status of implementation of the GDPR on the perception of the established benefits and challenges.