General Data Protection Regulation(GDPR) Adoption in Sri Lankan Businesses: A Data Governance Model

Abstract

For many data-driven businesses, the growing volume and complexity of data demand the use of specialized data protection solutions. The use of personal data resulted in a significant impact on privacy and security. Many countries have passed legislation to protect personal information. GDPR (General Data Protection Regulation) is one of them, and it is very vital for EU data processing companies. Although it does not directly apply to Sri Lanka, it applies to firms that deal with European Union counterparties. Sri Lankan firms must comply with GDPR to avoid losing business with the EU. Even though there has been minimal research into GDPR implementation guidelines it was found that the present resources available for Sri Lankan firms are not adequate. To address the problem, a comprehensive data governance model with multiple steps was developed. The proposed data governance model enables secured data management. Indicators and drivers that must be observed when applying GDPR principles were identified through interviews with industry specialists and a thorough literature review. This study provides a data governance model that data-driven enterprises may use to easily execute compliance.