The Four Dimensions of the GDPR Framework: An Institutional Theory Perspective

The EU general data protection regulation (GDPR) is the most important change in data privacy regulation in 20 years. The regulation will fundamentally reshape the way in which data are handled across every sector. The organizations had two years to implement it. Despite this, it has been observed that, in several sectors of activity, the number of organizations having adopted that control is low. This study aimed to identify the factors which condition the adoption of the GDPR by organizations. Methodologically, the study involved interviewing the officials in charge of information systems in 18 health clinics in Portugal. The factors facilitating and inhibiting the implementation of GDPR are presented and discussed. Based on these factors, a set of recommendations are made to enhance the adoption of the measures proposed by the regulation. The study used Institutional Theory as a theoretical framework. The results are discussed in light of the data collected in the survey, and possible future works are identified.