Return to search

Challenges Involved in the Implementation of the General Data Protection Regulation (GDPR) in an Information System Development Organization - An Exploratory Study.

The General Data Protection Regulation (GDPR) is a key regulation that deals with the protection of personal data in the European Union. It will be enforced on May 25, 2018. The GDPR brings in significant changes compared to the previous Data Protection Directive 95/46/EC (DIR95). Therefore, the organizations that fall within the scope of the GDPR are required to make their information systems compliant. Due to the complexity of modern software and the magnitude of changes required for the successful adoption of the GDPR, adopting such requirements could be a challenging task. Various works have already been conducted in the past addressing different articles and principles of the GDPR. However, relatively new Legal Technology sector has not been the focus of the GDPR related research. The purpose of the thesis is to investigate how a Legal Technology organization is affected by the challenges of implementing GDPR related requirements into its information system. In order to address the aim of the study, a literature review was conducted, followed by a case study in Assently AB, a small-sized organization belonging to the Legal Technology industry. In order to gather detailed information about the challenges of implementing the GDPR in their information system, semi-structured interviews were conducted with the practitioners at Assently. The result of this study is a collection of challenges. This collection of challenges relates to understanding the regulation in order to implement it into information system, creating new tools and processes, reviewing existing tools and processes, human resource availability for the support, management and development of information system and facing possible customer-related issues. The study contributes to the GDPR and Legal Technology related research. Moreover, it can be used by the industry practitioners to prepare for the similar implementations in the future. Furthermore, it will be useful for the emerging Legal Technology organizations who may need to design their information systems in compliance with the GDPR.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:lnu-76569
Date January 2018
CreatorsKutserenko, Kristiina
PublisherLinnéuniversitetet, Institutionen för informatik (IK)
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0018 seconds