Searching for a Governance Model to Secure the Data Flow in Organizations as Required by General Data Protection Regulation
Session
Information Systems and Security
Description
Since the end of the 1980s, there have been several initiatives to control and manage IT environments. ITIL is one of the more successful models, COBIT another. However, thanks to the IP protocol and the Internet, since mid-2000 the world has seen a veritable data explosion, affecting IT governance. Some predictions expect current data volumes to grow more than 10 times by 2020, with serious implications from both governance and security perspectives. Additionally, we see some new EU regulations, i.e., the Network and Information Security Directive (NIS) and the General Data Protection Regulation (GDPR), implemented in May 2018. The latter two will directly affect the scope of IT governance within the European Union and for non-European entities handling EU citizens' personal data, with substantial fines for non-compliance. Both regulations force anyone handling such data to consider information strategies that include big data management, governance, and information security as a convoluted context. In particular, GDPR makes them into related questions, a governance package. This creates a need for a paradigm shift to remediate or mitigate identified limitations in today's traditional governance models. This article discusses governance from a holistic perspective, based on the data flow, as per the requirements of GDPR. These are issues that were not envisioned when today's governance models were designed in the late 1980s or early 1990s.
Keywords:
Agility, Data-flow, GDPR, IT Governance, Security
Session Chair
Naim Preniqi
Session Co-Chair
Blerton Abazi
Proceedings Editor
Edmond Hajrizi
ISBN
978-9951-550-19-2
Location
Pristina, Kosovo
Start Date
26-10-2019 1:30 PM
End Date
26-10-2019 3:30 PM
DOI
10.33107/ubt-ic.2019.80
Recommended Citation
Iqbal, Sarfraz and Magnusson, Lars, "Searching for a Governance Model to Secure the Data Flow in Organizations as Required by General Data Protection Regulation" (2019). UBT International Conference. 80.
https://knowledgecenter.ubt-uni.net/conference/2019/events/80