Return to search

A case study on managing customer data to comply with GDPR

Abstract This bachelor thesis paper presents a case study on the technical actions undertaken by a company in order to manage its customers’ personal information in compliance to GDPR (General data protection regulation), a law that was introduced on the 25th May of 2018. GDPR imposes strict responsibilities on the companies dealing with personal information. Therefore, companies located in EU or handling personal information of EU citizen have to review and update their information handling process to comply according to the law. Companies failing to comply with GDPR can be subject to heavy penalty. This paper presents an in-depth picture of how a small company which is quite reliant on data processing adapts itself to the GDPR era when handling their customer’s personal data. The Order Department and the Technical Department within the case company, where most of the customer’s personal information is handled, were studied for this thesis. In conclusion, this case study identified seven different measures that the company undertook to comply with GDPR including periodical deletion of email letters, using separate email addresses for company internal messages, and tight restrictions on who can access what data. Moreover, two major challenges were identified: time and legacy. Time, because a small sized company cannot set off one staff to deal with everything related to GDPR but instead everyone has to take this regulation into consideration. The second challenge is legacy, because data routines before the GDPR were not strict.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:kau-71375
Date January 2019
CreatorsHossain, Shahriar
PublisherKarlstads universitet, Handelshögskolan (from 2013)
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.002 seconds