The Role of data governance in personal data protection :case study at spa condor electronics

Abstract

This study investigates how data governance practices at Condor Electronics, one of Algeria's largest private manufacturing conglomerates, contribute to personal data protection, in the context of Law No. 18-07 and its reinforcement through Law No. 25-11, and the near-total absence of empirical research on this subject within the Algerian private sector. A mixed-methods case study design was adopted, combining field observation, documentary analysis of nine ISO 27001:2022-aligned internal policies, and four semistructured interviews analyzed using NVivo 15, alongside a structured questionnaire administered to 67 IS Division employees and analyzed using SPSS Statistics 31. Qualitative findings revealed that governance practices are operationally present but structurally fragmented, with no unified framework, informally defined roles, a vacant governance manager position since 2023, and a complete absence of data quality management policies. Quantitative analysis confirmed a statistically significant and strong positive effect of data governance on personal data protection, with governance policies and roles emerging as the strongest predictor among all sub-dimensions. The study concludes that data governance at Condor Electronics contributes meaningfully but incompletely to personal data protection, reflecting a low governance maturity profile where practices are positively perceived by employees but operate in an ad hoc manner in the absence of a formal and unified governance framework.