Security is a core practice in organisations at a technical level. But it is since the implementation of the General Data Protection Regulation (GDPR) across the European Union that there has been an enforced, and profound, impact on privacy and security practice in organisations. Also, the unprecedented increase in the amount of data available for processing and the ability to manage Big Data and harvest insightful knowledge is leading towards process-centric transformation in organisations. But given the on-going headlining security and privacy breaches, more research is needed into exactly what must be done at the business end of organisations to ensure compliance with GDPR, to as close to guarantee as possible that client and employee data is not hacked, or that organisations or, as we have seen, whole cities, be held to ransom. Privacy and security is not just a technical function but core to all aspects of a business.
Business processes implement business objectives and IT is used as an aid to delivering those process goals. Every process involving people will use some data in its operations, especially in fulfilment, business-to-customer and business-to-business (external facing outputs). How is privacy of employees and customers maintained?