An ethical reflection on GDPR compliance : integrating business ethics into a GDPR audit framework

Abstract

The General Data Protection Regulation (GDPR) was enforced on the 25th of May 2018. To help organizations audit their compliance with this regulation, an audit framework is indispensable. Next to this, it is good to know that the GDPR is essentially based on ethical principles. Speaking of eth-ics, research has shown that good business ethics have a positive influence on business performance. Therefore, this research is set out to investigate the following: “How should organizations take business ethics into account in their efforts to comply with the GDPR?” Using a design science approach, a GDPR compliance framework is developed during this research to audit compliance with GDPR article 1 - 23. The framework is innovative in the sense that it integrates business ethi-cal principles to improve the awareness of ‘why’ the GDPR is needed. This is achieved by providing a tool which identifies the relationships between the business ethical principles and the GDPR articles. 25 interviews indicated that this approach towards GDPR compliance was perceived as an eye-opener. The findings are from a qualitative nature and provide a basis for future quantitative research.