Global ETD Search

1	Analysis of Customer Personal Data Processing in a Swedish Public Transport Organization Jovic, Katarina January 2020 (has links) Purpose: The purpose of this research is to analyze the current routine for processing customers’ personal data in a Swedish public transport organization and advise on improvements that might be made to better comply with GDPR. Methodology: A qualitative study of personal data (as defined in the GDPR) based on five telephone interviews. The interviews were held in Swedish, then transcribed and finally translated to English for analysis. Literature perspectives: A research (neutral) perspective of the implementation regarding the General Data Protection Regulation (GDPR) within an organization. It is reported that GDPR tend to increase the tension in an organization. Some organizations expect GDPR will increase the annual budget and believe the business strategy will be changed. Findings: The organization is interested to clearly implement the regulation to their best interest they can. The organization see the centralization of customers’ data as a positive outcome and want to continue with IT-support for the GDPR process to get automated. The organization expresses they want to create a good relationship with their customers and be clear with the purpose of data collection. Conclusions: The research suggests that the organization should invest in IT support, help guiding the employees to understand the purpose of GDPR and produce staff guidelines. The staff guidelines should cover most of the issues that may occur during daily routines. However, if any anomalies occur regarding GDPR, the data processor should act as a guide to the employee. / Syfte: Syftet med kandidatuppsatsen är att analysera den nuvarande processen för bearbetning av kunders personuppgifter i en svensk kollektivtrafikorganisation samt ge förbättringsråd angående saker som kan förbättras för att bättre följa GDPR. Metod: En kvalitativ studie som handlar om personuppgifter (enligt definitionen i GDPR); baserat på fem telefonintervjuer. Intervjuerna hölls på svenska, transkriberades och översattes sedan till engelska för en analys. Teoretiska perspektiv: Ett forsknings- (objektivt) perspektiv på implementeringen av den allmänna dataskyddsförordningen (GDPR) inom en organisation. Det rapporteras att GDPR tenderar att öka stressen i en organisation. Vissa organisationer förväntar sig att GDPR kommer öka den årliga utgiften för databehandling samt tror att deras affärsstrategi kommer förändras. Resultat: Region Värmland Kollektivtrafik är intresserade av att genomföra GDPR förordningen i högsta grad. Organisationen ser centraliseringen av kundens personliga data som ett positivt resultat och vill fortsätta med IT-stöd för GDPR- processen för att den ska kunna bli automatiserad. Organisationen uttrycker att de vill skapa en bra relation med sina kunder och vara tydliga med syftet av datainsamlingen. Slutsatser: Studien antyder att organisationen bör investera i IT-stöd, hjälpa anställda att förstå syftet med GDPR samt ta fram personalriktlinjer. Personalriktlinjerna bör täcka de flesta problem som kan uppstå i de dagliga rutinerna. Om det däremot uppstår några avvikelser gällande GDPR, bör personbiträde fungera som en hjälpande hand för de anställda. Customer Data Organization Process Public Transport GDPR Implementation Personlig Data Organisation Process Kollektivtrafik GDPR Implementation Information Systems
2	Compliance issues within Europe's General Data Protection Regulation in the context of information security and privacy governance in Swedish corporations : A mixed methods study of compliance practices towards GDPR readiness Stauber, Sebastian January 2018 (has links) The European Union has introduced a new General Data Protection Regulation that regulates all aspects of privacy and data protection for the data of European citizens. To transition to the new rules, companies and public institutions were given two years to adapt their systems and controls. Due to the large area of changes the GDPR requires, many companies are facing severe problems to adapt the rules to be ready for enforcement. This marks the purpose of this study which is to look into compliance practices in the implementation of GDPR requirements. This includes a prospect of compliance mechanisms that may remain insufficiently addressed when the regulation comes into force on May 25, 2018. The study is conducted in Sweden and aims to investigate the situation in corporations and not in public institutions. Mixed methods have been applied by surveying and interviewing Swedish GDPR experts and consultants to gain an understanding of their view by using capability maturity scales to assess a variety of security processes and controls. The analysis shows a low implementation in GDPR requirements while having seen improvements over the past two years of transition. It points out that a holistic strategy towards compliance is mostly missing and many companies face obstacles that are difficult to overcome in a short period. This may result in non-compliance in many Swedish corporations after the regulation comes into force on May 25. GDPR Privacy Data Protection Information Security Privacy Governance Information Governance IS Governance IT Governance IT Compliance GDPR Implementation Privacy Regulation Economics and Business Ekonomi och näringsliv

Search results

Analysis of Customer Personal Data Processing in a Swedish Public Transport Organization

Compliance issues within Europe's General Data Protection Regulation in the context of information security and privacy governance in Swedish corporations : A mixed methods study of compliance practices towards GDPR readiness