Search results

The general data protection regulation (GDPR) was designed to address privacy challenges posed by globalisation and rapid technological advancements; however, its implementation has also introduced new hurdles for companies. This study aims to analyse and synthesise the existing literature that focuses on challenges of GDPR implementation in business enterprises, while also outlining the directions for future research.

The methodology of this review follows the preferred reporting items for systematic reviews and meta-analysis guidelines. It uses an extensive search strategy across Scopus and Web of Science databases, rigorously applying inclusion and exclusion criteria, yielding a detailed analysis of 16 selected studies that concentrate on GDPR implementation challenges in business organisations.

The findings indicate a predominant use of conceptual study methodologies in prior research, often limited to specific countries and technology-driven sectors. There is also an inclination towards exploring GDPR challenges within small and medium enterprises, while larger enterprises remain comparatively unexplored. Additionally, further investigation is needed to understand the implications of emerging technologies on GDPR compliance.

This study’s limitations include reliance of the search strategy on two databases, potential exclusion of relevant research, limited existing literature on GDPR implementation challenges in business context and possible influence of diverse methodologies and contexts of previous studies on generalisability of the findings.

The originality of this review lies in its exclusive focus on analysing GDPR implementation challenges within the business context, coupled with a fresh categorisation of these challenges into technical, legal, organisational, and regulatory dimensions.

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

Sharing patient health information (PHI) among hospitals has been much slower than the adoption of health record systems. This paper aims to investigate if privacy regulation (PR) or security measures (SMs) influence hospitals’ use of health information exchange (HIE) to share PHI with other providers (e.g. physicians, labs, hospitals). The study specifically focuses on how multiple PRs can impede and a strong national security infrastructure (NSI) can support HIE.

The study uses secondary data from a multi-national and multi-hospital survey administered by the European Union. The multi-level structure of the cross-sectional panel data is used to test the influence of both hospital-level (e.g. PR) and national-level variables (e.g. NSI) on HIE. A total of nine types of HIE, three types of PRs, nine SMs and other relevant control variables are considered. This study uses a two-level random intercept generalized linear model to test the hypothesis proposed in the study.

The study finds that national-level PRs (NLPR) have the strongest positive influence on HIE in comparison to regional (RLPR) and hospital-level (HLPR) PRs. Moreover, the study finds evidence that the presence of RLPR and HLPR, on average, decreases the positive impact of NLPR by 264%. The SMs also have a significant and positive impact on HIE. Adoption of an additional SM can increase the odds of engaging in a certain type of HIE between 21% and 61%. On the other hand, a strong NSI can also amplify the positive impact of SM on certain types of HIE.

This study extends prior research on the role of PRs in enabling HIE by considering the complexities brought up by adopting multiple PRs. NLPRs have the strongest impact on HIE in comparison to RLPRs or HLPRs. Moreover, public infrastructure initiatives such as those related to secure communications can also complement SMs adopted by the providers by encouraging HIE.

The authors argue that privacy is integral to the well-being of consumers and an essential component in not only corporate social responsibility (CSR) but what they term uniquely as social media responsibility (SMR). A conceptual framework is proposed that delineates the privacy issues companies should pay attention to in artificial intelligence (AI)-fueled social media environments.

The authors review literature on privacy issues in social media and AI in the academic and practitioner literatures. Based on the review, arguments focus on the need for an SMR framework, proposing responsible use of consumer data that is attentive to consumers' privacy concerns.

Implications from the framework are a path forward for social media companies to treat consumer data more fairly in this new environment. The framework has implications for companies to reduce potential harms to consumers and consider addressing their power and responsibility. With social media and AI transforming consumer behavior so profoundly, there are a variety of short- and long-term social implications.

Since AI tools are becoming integral to social media company activities, this research addresses the changing responsibilities social media companies have in securing consumers' data and enabling consumers the agency to protect their privacy effectively. The authors propose an SMR framework based on CSR research and AI tools employed by social media companies.

The rapid advancement of technology has transformed the health-care industry and enabled the emergence of m-Health solutions such as health apps. The viability and success of these apps depends on the definition of a monetization model appropriate to their specificities. In this sense, the purpose of this paper is to study the mechanisms of monetization of health apps, to stablish how alternative revenues determine if a health app is to be free or paid.

Probability models are used to identify the factors that explain if a health app is free or paid.

Results show that the presence of alternative monetization mechanisms negatively impacts the likelihood of a health app being paid for. The use of personal data to customize advertising (the monetization of “privacy capital”) or the inclusion of ads on the app are alternative means of monetization with potential to decrease the likelihood of a health app being paid for. The possibility of in-app purchases has a lower negative impact on the probability of a health app being paid for. The choice of platform to commercialize an app is also a strategic decision that influences the likelihood of an app being paid for.

This work stands out for bringing together the two largest platforms present in Portugal and for focusing on the perspective of revenue and monetization of health apps and not on the perspective of downloads.

Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process.

The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance.

By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes.

By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.

The purpose of this paper is to evaluate the impact of leadership development programmes, underpinned by Transformational Learning Theory (TLT).

A corpus-informed analysis was conducted using survey data from 690 participants. Data were collected from participants’ responses to the question “please tell us about the impact of your overall experience”, which culminated in a combined corpus of 75,053 words.

Findings identified patterns of language clustered around the following frequently used word types, namely, confidence; influence; self-awareness; insight; and impact.

This in-depth qualitative evaluation of participants’ feedback has provided insight into how TLT can be applied to develop future health-care leaders. The extent to which learning has had a transformational impact at the individual level, in relation to their perceived ability to influence, holds promise for the wider impact of this group in relation to policy, practice and the promotion of clinical excellence in the future. However, the latter can only be ascertained by undertaking further realist evaluation and longitudinal study to understand the mechanisms by which transformational learning occurs and is successfully translated to influence in practice.

Previous research has expounded traditional leadership theories to guide the practice of health-care leadership development. The paper goes some way to demonstrate the impact of using the principles of TLT within health-care leadership development programmes. The approach taken by The Florence Nightingale Foundation has the potential to generate confident leaders who may be instrumental in creating positive changes across various clinical environments.

The purpose of this study is to understand how executives in technology companies relate to targets for gender equality, especially pertaining to top management.

The study draws on 19 interviews of CEOs, senior line managers and HR directors in ten technology companies operating in Finland. The method is (reflexive) thematic analysis.

Previous studies on the role of executives in promoting gender equality provide somewhat mixed results: while their role is vital, senior leaders may not be inclined to support gender equality targets and measures. Drawing on critical feminist theorizing, this study identifies three ways in which the executives in technology companies related to gender equality targets: endorsing, negotiating and resisting. However, all these responses were constrained by the executives’ assumption that their companies are meritocratic. The study illustrates how executives’ narrow understanding of gender equality and reliance on the presumably well-working systems, combined with underlying doubts about the competence of women, hinder the advancement of women to top management.

While previous studies have evaluated targets to increase the number/percentage of women, both in certain “ideal case” companies and in terms of their effectiveness more broadly, this study discusses how technology company executives navigate these targets in relation to women's assumed “competence”.

Organizations have started using the metaverse to sell non-fungible tokens, execute engineering processes and conduct business meetings. A condition of creating value by moving business processes to the metaverse is acceptance of this technology. In business-to-business scenarios, internal employees and external partners may have different views on the topic but must agree upon new practices. Understanding common motivations and challenges associated with using the metaverse is crucial to its success.

The authors interviewed managers from a pharmaceutical company considering conducting meetings with clients in the metaverse. A series of 23 statements on reasons for (non)-use was generated. Twenty-five individuals (13 employees and 12 clients) then ranked these statements against each other, revealing what would drive or hinder their metaverse use. The authors compared these perspectives to identify common issues.

The authors identified four different views. Views 1 and 2 correspond to internal and external participants, while Views 3 and 4 correspond to external ones only. View 1 is skeptical and underlines the role of peers in acceptance. View 2 is a positive perspective centered on usefulness. View 3 is ambivalent and is centered on efforts required to use the metaverse. View 4 reveals a reversed perspective wherein using the metaverse is a low-effort activity.

This paper proposes a case study probing acceptance of a realistic business use of the metaverse. This paper identifies risks to mitigate and motivations to leverage when proposing metaverse usage in a business-to-business context.