A systematic study on the impact of GDPR compliance on Organizations

Context: To achieve compliance with the General Data Protection Regulation (GDPR), organizational changes need to be made. Problem: To perform these changes, it is necessary to understand the challenges faced by organizations to comply with GDPR, as well as the practices they have been adopting to achieve such compliance. Proposed Solution: To provide a preliminary guide to organizations that have not achieved compliance with GDPR yet, this paper presents the results of a study in the literature seeking to identify the areas impacted by GDPR compliance, as well as the challenges faced and practices adopted by organizations in each of the identified areas. IS Theory: This work was conceived under the aegis of Argumentation Theory, presenting information from selected studies on the topic and evidence regarding the conclusions presented. Method: a Systematic Mapping of the Literature was conducted through automatic search in scientific databases seeking for quality papers published from 2018 to 2022 to answer the main research question regarding the impact of GDPR compliance on organizations. Results: The study has found affected areas, challenges faced by organizations and methods, technologies and practices they used to comply with GDPR. Contributions and impacts to the IS area: The results found can be used by other organizations in the same areas that are in the process of compliance with GDPR. In fact, these organizations can benefit from the lessons learned reported in the selected papers and synthesized in this study.