MODERN PRIVACY REGULATION, INTERNAL INFORMATION QUALITY, AND OPERATING EFFICIENCY: EVIDENCE FROM THE GENERAL DATA PROTECTION REGULATION

Abstract

In May 2018, the European Union enacted the General Data Protection Regulation (GDPR). I examine its impact on firms’ internal information quality (IIQ) and operating efficiency in the United States. Although privacy regulations, such as GDPR, target one subset of firms’ information assets (i.e., personal data), academics and practitioners have emphasized the ability of these regulations to drive broad improvements in firms’ information management practices resulting in higher quality information available for decision making and, by extension, more efficient operations. At the same time, GDPR’s regulatory mandates are likely to burden operations. Using multiple modeling approaches to identify the effect of GDPR on US firms and a variety of IIQ proxies from financial reports and disclosures, I find that (a) GDPR leads to improvements in IIQ for impacted firms and (b) that these improvements in IIQ are beneficial to firm operations. However, the regulatory burden of GDPR has overwhelmed these benefits resulting in a negative net effect on firms’ operating efficiency.