Spelling suggestions: "subject:"GDPR implementatation"" "subject:"GDPR implemententation""
1 |
Analysis of Customer Personal Data Processing in a Swedish Public Transport OrganizationJovic, Katarina January 2020 (has links)
Purpose: The purpose of this research is to analyze the current routine for processing customers’ personal data in a Swedish public transport organization and advise on improvements that might be made to better comply with GDPR. Methodology: A qualitative study of personal data (as defined in the GDPR) based on five telephone interviews. The interviews were held in Swedish, then transcribed and finally translated to English for analysis. Literature perspectives: A research (neutral) perspective of the implementation regarding the General Data Protection Regulation (GDPR) within an organization. It is reported that GDPR tend to increase the tension in an organization. Some organizations expect GDPR will increase the annual budget and believe the business strategy will be changed. Findings: The organization is interested to clearly implement the regulation to their best interest they can. The organization see the centralization of customers’ data as a positive outcome and want to continue with IT-support for the GDPR process to get automated. The organization expresses they want to create a good relationship with their customers and be clear with the purpose of data collection. Conclusions: The research suggests that the organization should invest in IT support, help guiding the employees to understand the purpose of GDPR and produce staff guidelines. The staff guidelines should cover most of the issues that may occur during daily routines. However, if any anomalies occur regarding GDPR, the data processor should act as a guide to the employee. / Syfte: Syftet med kandidatuppsatsen är att analysera den nuvarande processen för bearbetning av kunders personuppgifter i en svensk kollektivtrafikorganisation samt ge förbättringsråd angående saker som kan förbättras för att bättre följa GDPR. Metod: En kvalitativ studie som handlar om personuppgifter (enligt definitionen i GDPR); baserat på fem telefonintervjuer. Intervjuerna hölls på svenska, transkriberades och översattes sedan till engelska för en analys. Teoretiska perspektiv: Ett forsknings- (objektivt) perspektiv på implementeringen av den allmänna dataskyddsförordningen (GDPR) inom en organisation. Det rapporteras att GDPR tenderar att öka stressen i en organisation. Vissa organisationer förväntar sig att GDPR kommer öka den årliga utgiften för databehandling samt tror att deras affärsstrategi kommer förändras. Resultat: Region Värmland Kollektivtrafik är intresserade av att genomföra GDPR förordningen i högsta grad. Organisationen ser centraliseringen av kundens personliga data som ett positivt resultat och vill fortsätta med IT-stöd för GDPR- processen för att den ska kunna bli automatiserad. Organisationen uttrycker att de vill skapa en bra relation med sina kunder och vara tydliga med syftet av datainsamlingen. Slutsatser: Studien antyder att organisationen bör investera i IT-stöd, hjälpa anställda att förstå syftet med GDPR samt ta fram personalriktlinjer. Personalriktlinjerna bör täcka de flesta problem som kan uppstå i de dagliga rutinerna. Om det däremot uppstår några avvikelser gällande GDPR, bör personbiträde fungera som en hjälpande hand för de anställda.
|
2 |
Compliance issues within Europe's General Data Protection Regulation in the context of information security and privacy governance in Swedish corporations : A mixed methods study of compliance practices towards GDPR readinessStauber, Sebastian January 2018 (has links)
The European Union has introduced a new General Data Protection Regulation that regulates all aspects of privacy and data protection for the data of European citizens. To transition to the new rules, companies and public institutions were given two years to adapt their systems and controls. Due to the large area of changes the GDPR requires, many companies are facing severe problems to adapt the rules to be ready for enforcement. This marks the purpose of this study which is to look into compliance practices in the implementation of GDPR requirements. This includes a prospect of compliance mechanisms that may remain insufficiently addressed when the regulation comes into force on May 25, 2018. The study is conducted in Sweden and aims to investigate the situation in corporations and not in public institutions. Mixed methods have been applied by surveying and interviewing Swedish GDPR experts and consultants to gain an understanding of their view by using capability maturity scales to assess a variety of security processes and controls. The analysis shows a low implementation in GDPR requirements while having seen improvements over the past two years of transition. It points out that a holistic strategy towards compliance is mostly missing and many companies face obstacles that are difficult to overcome in a short period. This may result in non-compliance in many Swedish corporations after the regulation comes into force on May 25.
|
Page generated in 0.5577 seconds