This study addresses the inadequate awareness of privacy protection principles—such as Privacy by Design and data minimization—among ERP system developers and consultants, which hinders compliance with regulations like the GDPR. For the first time, the Fogg Behavior Model (FBM) is introduced into the ERP domain, integrated with qualitative thematic analysis to systematically construct privacy-related behavior models for these two key stakeholder groups. The research uncovers the motivational drivers and implementation barriers underlying their privacy practices. By extending the applicability of FBM to enterprise software privacy governance, this work not only advances theoretical understanding but also offers actionable insights for designing targeted interventions to enhance privacy compliance in ERP ecosystems.

Applications like Enterprise Resource Planning (ERP) systems have become an indispensable part of the corporate digital infrastructure. These systems store sensitive data about customers, suppliers, and employees, and thus companies have to process these data in accordance with applicable regulations like the GDPR (the EU General Data Protection Regulation). This can be challenging due to a variety of reasons. For example, prior research has shown that developers sometimes lack knowledge about privacy. In this work, we focus on privacy in ERP systems in the context of an international consultancy firm. We investigate the privacy awareness regarding privacy-by-design and data minimization of two important populations: developers of ERP systems and managers and consultants responsible for services related to ERP systems. Applying thematic analysis, we elicit privacy behavioral models of these two populations using Fogg's Behavioral Model (FBM) framework. Our findings provide a means to stimulate more adequate privacy-related behaviors for developers and consultants.