Abstract This bachelor thesis paper presents a case study on the technical actions undertaken by a company in order to manage its customers’ personal information in compliance to GDPR (General data protection regulation), a law that was introduced on the 25th May of 2018. GDPR imposes strict responsibilities on the companies dealing with personal information. Therefore, companies located in EU or handling personal information of EU citizen have to review and update their information handling process to comply according to the law. Companies failing to comply with GDPR can be subject to heavy penalty. This paper presents an in-depth picture of how a small company which is quite reliant on data processing adapts itself to the GDPR era when handling their customer’s personal data. The Order Department and the Technical Department within the case company, where most of the customer’s personal information is handled, were studied for this thesis. In conclusion, this case study identified seven different measures that the company undertook to comply with GDPR including periodical deletion of email letters, using separate email addresses for company internal messages, and tight restrictions on who can access what data. Moreover, two major challenges were identified: time and legacy. Time, because a small sized company cannot set off one staff to deal with everything related to GDPR but instead everyone has to take this regulation into consideration. The second challenge is legacy, because data routines before the GDPR were not strict.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:kau-71375 |
Date | January 2019 |
Creators | Hossain, Shahriar |
Publisher | Karlstads universitet, Handelshögskolan (from 2013) |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0021 seconds