Designing a Data Governance Model to Implement GDPR in Sri Lankan Enterprises

Abstract

The volume and complexity of data have expanded while demanding the need for specialized data protection solutions for many data-driven enterprises. Personal data is the internet's new oil and the digital world's new currency, has a big impact on privacy and security. Various laws have been implemented in many nations to protect people's personal information. One of them is GDPR (General Data Protection Regulation), which is particularly relevant for EU data processing businesses. Though it does not apply directly to Sri Lanka, it is directly applied to European Union counterparties. To avoid losing business with the EU, Sri Lanka must also comply with GDPR. Although there aren't many resources for GDPR implementation guidance, the existing ones are not very comprehensive. To resolve the issue, we went through a series of processes to construct a comprehensive model, after which we were able to develop a data governance model to deploy. The data governance model provides extensive direction for data management. We established the indicators and drivers that must be observed while applying the GDPR principles through interviews with industry professionals and completing an extensive literature study. A data governance model is provided in this study for data-driven organizations to simply implement compliance.