Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Implementering av General Data Protection Regulation i organisationer: En explorativ studie om olika sätt att anpassa sig till den tvingande lagen GDPR
University West, School of Business, Economics and IT, Division of Business Administration.
University West, School of Business, Economics and IT, Division of Business Administration.
2019 (Swedish)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [sv]

Hanteringen av personuppgifter har länge skett enligt Personuppgiftslagen, men har sedan i maj 2018 blivit ersatt av den nya dataskyddsförordningen GDPR. Denna nya lag ämnar till att öka människors integritet och sätter nya krav på hur organisationer hanterar personuppgifter såsom namn, adress, telefonnummer och personnummer. Då GDPR är en tvingande lag så innebär detta att alla organisationer inom EU måste leva upp till dess krav, och för att göra detta så krävs det en viss anpassning. Denna studie syftar till att ta reda på hur implementeringen av GDPR har skett i svenska organisationer som verkar i konsumentmarknaden. Denna studie kommer behandla organisationers kommunikation, både intern och externt, samt ledarskap och rutiner, för att ta reda på hur tre olika organisationer har gått till väga för att implementera den tvingande lagen GDPR. Studien är en explorativ studie med en abduktiv ansats, där en kvalitativ metod har använts för att insamla data. Totalt har tre organisationer studerats och sex intervjuer utförts, varav en ur ledningen och en anställd från varje organisation. Våra resultat visar på att organisationer kan implementera GDPR på olika sätt. De tre organisationerna har implementerat GDPR med den gemensamma nämnaren att samtliga organisationer måste uppdatera rutiner och arbetssätt för att kunna anpassa sig till den tvingande lagen GDPR. Vi ser att de mest effektiva implementeringar av GDPR har skett meden väl fungerande kommunikation, med rätt typ av ledarskap och med fungerande rutinförändringar.

Abstract [en]

The personal data management has for a long time been handled under the personal data law, but has since May 2018 been replaced by the new data regulation protection regulation GDPR. The purpose of this new is to protect people’s integrity, and the law creates new requirements for how organisations may use personal information such as name, address, telephone number, and social security code. Since GDPR is an imperative law, all organisations in the EU must fulfil its requirements, and to do that some type of adaptation must be done. This study aims to find out how the implementation of GDPR has been handled in Swedish organisations that works in the consumer market. This study will deal with organisations communication, both internally and externally, and also leadership and routines, to try to understand how three different organisations have choose to implement the new imperative law. This is an explorative study with and abductive approach, and a qualitative method has been used to gather data. Three organisations have been studied and six interviews has been conducted, where one of the interviewed from each organisation were from the management and one were from the employees. Our result suggests that organisations can implement GDPR in different ways. The three organisations have implemented GDPR with the common feature that they have all updated their routines and work procedure to be able to adapt to the new imperative GDPR law. We can see that the most effective implementations of GDPR is because of a well working communication, the right type of leadership, and a functioning change in routines.

Place, publisher, year, edition, pages
2019. , p. 35
Keywords [en]
GDPR, General Data Protection Regulation, Organizational change, Communication, Leadership, Routines
Keywords [sv]
GDPR, General Data Protection Regulation, Organisationsförändring, Kommunikation, Ledarskap, Rutiner
National Category
Business Administration
Identifiers
URN: urn:nbn:se:hv:diva-14268Local ID: EXC504, EXC514OAI: oai:DiVA.org:hv-14268DiVA, id: diva2:1339752
Subject / course
Business administration
Educational program
Ekonomprogrammet
Supervisors
Examiners
Available from: 2019-08-20 Created: 2019-07-31 Last updated: 2019-08-20Bibliographically approved

Open Access in DiVA

No full text in DiVA

By organisation
Division of Business Administration
Business Administration

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf