Exploring barriers and pathways to data protection by design within IT companies : An integrated approach based on experts’ perspectives

Sammanfattning: The European General Data Protection Regulation (GDPR) will soon come into force, it is a regulation which spells out increased compliance demands for data protection by design. Failure to comply can lead to huge financial penalties, something IT companies controlling and processing personal data should not ignore. As the one-year countdown begins, studies have revealed under-preparedness of organizations affected by the GDPR. None of the studies so far has offered an integrated overview of the barriers faced by IT companies to embrace data protection by design. This study aims to help fill this gap and to investigate. A study based on expert’s knowledge has been carried out, using an integrated approach. Five experts from advocacy, legal and IT industry were interviewed, aiming to answer the following research question: “What are the barriers for IT companies to embrace data protection by design and how should these barriers be overcome?” An integrated overview of the barriers will then be presented, which includes the managerial, engineering and legal obstacles. The study goes on to present pathways to embrace data protection by design. A key contribution to this study is that managerial, legal and engineering barriers have shown to be directly interconnected and influence on each other. As such a much broader view must be undertaken to fully understand the different barriers that face IT companies in embracing data protection by design.