Enterprise Architecture Frameworks as Support for Implementation of Regulations: Approach and Experiences from GDPR

Johannes Wichmann, Kurt Sandkuhl, Nikolay Shilov, Alexander Smirnov, Felix Timm, Matthias Wißotzki


Enterprise Architecture (EA) management has been discussed as being supportive for implementation of regulations in enterprises and organizations, but the role of EA frameworks in this context has not been addressed intensely. The EU General Data Protection Regulation (GDPR) is one of the most frequently discussed regulation in industry and research, and expected to cause a shift in viewpoint of enterprises from a technological perspective dominated by information security issues to an organizational perspective governed by GDPR-compliant organizational structures and processes. A well-documented Enterprise Architecture (EA) and a working Enterprise Architecture Management (EAM) organization are expected to significantly ease the roadmap planning for GDPR implementation. Therefore, this article focuses on the practice of EA use for GDPR implementation. The main contributions of this article are (a) an analysis and comparison of existing architecture frameworks and how they address security-related issues, and (b) a case study from financial industries illustrating the use of EA for implementing GDPR compliance.


GDPR; Enterprise Architecture; Enterprise Architecture Framework; Security; Security Architecture Frameworks

Full Text:


DOI: 10.7250/csimq.2020-24.03


  • There are currently no refbacks.

Copyright (c) 2020 Complex Systems Informatics and Modeling Quarterly