Privacy Compliance in Small-sized Enterprises

The study of data protection, especially in light of recent privacy regulations, often focuses on large-sized organizations that process immense amounts of personal data on a regular basis. Although these enterprises present a logical first step for investigating the status quo of privacy compliance practices, the realm of medium-, small-, and micro-sized businesses has largely been ignored in recent literature. In particular, the main drivers and hindrances remain undiscovered, making it unclear how and to what extent privacy is a core value in smaller organizations. In this work, we aim to address this gap by focusing only on small-sized e-commerce organizations, looking to uncover their perspectives on privacy compliance. Starting with a literature review to establish a foundation, we then interview eight members of small-sized e-commerce businesses. We shed light on the unique perspectives offered by our interviewees, taking the form of challenges and disincentives, as well as success factors.