A Roadmap for Implementing the General Data Protection Regulation in Higher Education Institutions Using Kotter’s Organizational Change Model

The compliance with the General Data Protection Regulation (GDPR) is mandatory since May 25, 2018 for any organization dealing with personal data of European citizens. For the success of the GDPR implementation to be a reality, it is important to guarantee the existence with an adequate level of performance, of a set of Critical Success Factors (CSF). This article is based on a work in progress, but with final results already available, that determined a set of 16 CSFs related to the implementation of the GDPR in Higher Education Institutions (HEIs). One of these 16 CSFs highlights the importance of correctly managing change, being one of the most used models in this context including in HEIs, the 8-step organizational change model by Kotter [1]. The Kotter’s organizational change model is proposed in this study as a roadmap, to systematically carry out the change management related to the implementation of GDPR HEIs.