Since May 25 2018, the General Data Protection Regulation (GDPR) regulates the handling of personal data both for companies in the European Union and European Citizens. It is part of the European Union’s Digital Single Market strategy and aims to create the conditions for an economy without barriers that would benefit individuals and companies as well as society as a whole (European Parliament and Council 2016). The protective purpose of the GDPR is to enable individuals, against the background of modern data processing possibilities and techniques and their risks, to decide for or against a consent to data processing on the basis of appropriate information on how their personal data are handled and in a self-determined manner. At the same time, the GDPR has established many fundamentally new concepts, thereby opening new leeway for legal, scientific and practical interpretation, providing both challenges and potential for renewal and innovation. Almost two years after the entry into force of the GDPR, it seems appropriate to reflect on first effects, suggestions for improvement and future high potential research areas. With Business and Information Systems Engineering research focusing on socio-technical systems for digital data processing for commercial or social purposes, it seems that it is the natural place for a transdisciplinary examination of the possibilities and challenges that this new regulation brings along. In this regard, BISE is – maybe better than any other field – suited to address such complex questions at the intersection of law, design, organizational research and information systems. However, with evolvement of its context, maybe also the field itself needs to adapt One sign for this simultaneous potential need and opportunity is the vivid research surrounding GDPR in the areas concerning the interdisciplinary field of BISE. In the vast majority of these contributions, a key question revolves around the interpretation of certain aspects of GDPR. On a more practical level, for example, there is an increasing body of practical guides or implementation guidelines, looking at how organizations will have to move forward to comply and avoid fines or negative publicity (Tankard 2016; Huth 2017; Voigt and Von dem Bussche 2017; Lambrinoudakis 2018). However, there is a lot of criticism remaining (Cvik et al. 2018). Organizational and management research likewise seeks to uncover and address organizational and business needs with regard to GDPR. These include, for example, the new Dr. T. Jakobi (&) Prof. Dr. G. Stevens Information Systems esp. IT-Security and Privacy, University of Siegen, Siegen, Germany e-mail: timo.jakobi@uni-siegen.de

中文翻译：

---

IS 在 GDPR 相关利益冲突中的作用

自 2018 年 5 月 25 日起，通用数据保护条例 (GDPR) 规范了欧盟公司和欧洲公民的个人数据处理。它是欧盟数字单一市场战略的一部分，旨在为无障碍经济创造条件，使个人和公司以及整个社会受益（欧洲议会和理事会，2016 年）。GDPR 的保护目的是使个人在现代数据处理可能性和技术及其风险的背景下，根据有关如何处理其个人数据的适当信息以及一种自我决定的方式。同时，GDPR 建立了许多根本性的新概念，从而为法律、科学和实用的解释，为更新和创新提供挑战和潜力。在 GDPR 生效近两年后，似乎应该反思最初的效果、改进建议和未来的高潜力研究领域。随着商业和信息系统工程研究侧重于用于商业或社会目的的数字数据处理的社会技术系统，它似乎是对这项新法规带来的可能性和挑战进行跨学科研究的自然场所。在这方面，BISE 可能比任何其他领域都更适合在法律、设计、组织研究和信息系统的交叉点解决此类复杂问题。但随着语境的演变，也许该领域本身也需要适应 这种同时存在的潜在需求和机会的一个标志是在 BISE 跨学科领域中围绕 GDPR 的生动研究。在绝大多数这些贡献中，一个关键问题围绕着对 GDPR 某些方面的解释。例如，在更实用的层面上，越来越多的实用指南或实施指南关注组织必须如何向前推进以遵守并避免罚款或负面宣传（Tankard 2016；Huth 2017；Voigt 和 Von dem Bussche 2017 年；兰布里诺达基斯 2018 年）。然而，仍有很多批评（Cvik 等人，2018 年）。组织和管理研究同样寻求发现和解决与 GDPR 相关的组织和业务需求。这些包括，例如，新博士 T. Jakobi (&) Prof. Dr. G. Stevens Information Systems esp. IT 安全和隐私，锡根大学，锡根，德国电子邮件：timo.jakobi@uni-siegen.de