Enterprise architecture management as a solution for addressing general data protection regulation requirements in a big data context: a systematic mapping study

CONTEXT: Big Data Analytics is a rapidly emerging IT practice whose applications offer benefits for a wide variety of business areas across an organisation. Given the wide scope of applications, the many types of processing involved, including those for purposes not yet foreseen, and the inherent privacy concerns resulting from collecting and storing personal data, the newly introduced General Data Protection Regulation (GDPR) poses specific challenges for safeguarding the security and protection of big data. These challenges are not limited to the IT function but extend across the entire organisation. This raises the question whether Enterprise Architecture Management (EAM), as an approach for ensuring the coherence, strategic alignment and focus on value creation of all organisational resources, offers guidance for addressing those challenges in a holistic manner, and thus provides a fruitful ground for developing an approach for complying to GDPR requirements in a Big Data context. OBJECTIVE: This study surveys the state-of-the-art in research on security, privacy, and protection of big data. The focus is on investigating which specific issues and challenges have been identified and whether these have been linked to GDPR requirements. Further, it examines whether previous research has investigated the potential of EAM in addressing those challenges and what the main findings of those studies are. METHOD: We used Systematic Mapping Review (SMR), which is a methodology for literature review aimed at surveying the state-of-the-art in a research field as it is documented in the scientific literature. Further, we used Template Analysis, which is a thematic analysis technique, for coding the texts of the selected papers, classifying the research studies, and interpreting the different themes addressed in the literature. RESULTS: Our study indicates that only few researchers have explored the use of EAM practices in relation to data security and protection in a Big Data context. We further identified seven trends within the areas under consideration that could be subjects for further research. CONCLUSIONS: Our study does not invalidate the potential of EAM to help addressing GDPR requirements in a Big Data context. However, how EAM practices may contribute to risk management and data governance in environments where big data are being processed, is still a huge research gap, which we intend to address in our future research. SUPPLEMENTARY INFORMATION: The online version of this article (10.1007/s10257-020-00500-5) contains supplementary material, which is available to authorized users.