Factors influencing the intention to comply with data protection regulations in hospitals: based on gender differences in behaviour and deterrence

German hospitals are required to comply with, and give due consideration to, the data protection laws and regulations that apply to their daily work. However, the data protection scandals that have occurred in Germany in recent years imply that this compliance on the part of hospital employees cannot be taken for granted. According to the literature available, psychological factors may account for this fact – in particular the variables of the theory of planned behaviour and the general deterrence theory. In keeping with these theories, this research has analysed the influences of the attitudes, subjective norms and perceived behavioural control on employees’ intentions to comply with data protection regulations. A survey was conducted among hospital employees in Germany to further identify the most significant factors influencing their intention to comply with data protection and the variance in intention between men and women. The results suggest that psychological factors such as attitude, subjective norms and perceived behaviour control are significantly influential and find significant differences between the genders in the intention to comply with data protection regulations. The results of this study demonstrate that there are practical implications that, if implemented, can lead to a higher standard of data protection compliance in hospitals in the future by taking the technical and organisational measures of awareness for data protection compliance into account.