The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC in May 25, 2018. This will generate major changes for organizations that process personal data. Privacy by Design is a requirement in GDPR and a concept that implies that IT systems are designed in such way that personal privacy is protected. By taking early consideration of Privacy by Design in procurement of IT, public organizations can ensure that integrity requirements are met and that privacy is protected. This study aims at studying differences between clients from public sector and IT providers in their knowledge and attitude to the concept Privacy by Design in relation to GDPR. The study is a qualitative study that includes four interviews, two interviews with respondents from public organizations, and two with respondents from IT provider organizations. The interviews were based on an interview guide with a summary of Datainspektionens (2012) checklist for built-in data protection and data protection by default. The result shows that neither the clients nor IT providers in general know much about the concept of Privacy by Design, but they are aware of its principles. All respondents have a positive attitude to the principles of Privacy by Design and believe that the knowledge in their respective operation is generally low and must be raised. Some interesting differences have been shown in this study. One of them is that the IT providers lean towards the client regarding issues in data minimization because the client wear the responsibility, and public organizations tend to collect more personal data than necessary. This contradicts data minimization, which is a core principle of Privacy by Design.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:umu-148135 |
Date | January 2018 |
Creators | Stenlund, Anna, Sjöström, Sanna, Wännberg, Cecilia |
Publisher | Umeå universitet, Institutionen för informatik, Umeå universitet, Institutionen för informatik, Umeå universitet, Institutionen för informatik |
Source Sets | DiVA Archive at Upsalla University |
Language | Swedish |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Relation | Informatik Student Paper Bachelor (INFSPB) ; 2018.18 |
Page generated in 0.0012 seconds