A case study on managing customer data to comply with GDPR
Karlstad University, Faculty of Arts and Social Sciences (starting 2013), Karlstad Business School (from 2013).
2019 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis
Abstract [en]

This bachelor thesis presents a case study on the technical actions undertaken by a company in order to manage its customers' personal information in compliance with the GDPR (General Data Protection Regulation), a law that was introduced on 25 May 2018. The GDPR imposes strict responsibilities on companies dealing with personal information. Therefore, companies located in the EU or handling personal information of EU citizens have to review and update their information handling processes to comply with the law. Companies failing to comply with the GDPR can be subject to heavy penalties. This paper presents an in-depth picture of how a small company that is quite reliant on data processing adapts itself to the GDPR era when handling its customers' personal data. The Order Department and the Technical Department within the case company, where most of the customers' personal information is handled, were studied for this thesis. In conclusion, this case study identified seven different measures that the company undertook to comply with the GDPR, including periodic deletion of emails, using separate email addresses for company-internal messages, and tight restrictions on who can access what data. Moreover, two major challenges were identified: time and legacy. Time, because a small company cannot set aside one staff member to deal with everything related to the GDPR; instead, everyone has to take this regulation into consideration. The second challenge is legacy, because data routines before the GDPR were not strict.

Place, publisher, year, edition, pages
2019, p. 33
Keywords [en]
GDPR, Personal data, Data protection, Information system
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kau:diva-71375; Local ID: 823; OAI: oai:DiVA.org:kau-71375; DiVA, id: diva2:1291900
External cooperation
Talktelecom
Subject / course
Information Systems
Supervisors
Examiners
Available from: 2019-03-18. Created: 2019-02-26. Last updated: 2019-03-18. Bibliographically approved

Open Access in DiVA

fulltext (1087 kB), 334 downloads
File information
File name: FULLTEXT01.pdf. File size: 1087 kB. Checksum SHA-512:
b6483892fe2cd14af8138372d55fc658d175a9802ff178d3de82e3b5870049bf450a5821fb10c9448ea2f636ded72b72a01b21d96f0a667027cbe5aa2c9859f0
Type: fulltext. Mimetype: application/pdf

Total: 334 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 1540 hits