his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Dataskyddsförordningen GDPR:S påverkan på befintliga informationssystem: En studie om hur befintliga informationsystem påverkas av GDPR, med fokus på Privacy by Design
University of Skövde, School of Informatics.
2018 (Swedish)Independent thesis Basic level (degree of Bachelor), 20 credits / 30 HE creditsStudent thesisAlternative title
The General Data Protection Regulation's effect on existing information systems : A study on the effect of GDPR on existing information systems, with focus on Privacy by Design (English)
Abstract [sv]

Denna studie har undersökt hur den nya dataskyddsförordningen GDPR påverkar befintliga informationssystem. Genom arbetet har ett fokus även legat på metoden Privacy by Design och hur väl den uppfylls.GDPR ersätter Personuppgiftslagen i Sverige och innebär även att Missbruksregeln försvinner. Denna förändring kan tänkas resultera i större utmaningar för många företag, eftersom de krav som ställs är högre än tidigare. GDPR innebär ett utökat skydd för den personliga integriteten och ger EU:s medborgare fler rättigheter gällande hur personuppgifter bör behandlas. I och med att många befintliga informationssystem ej skapats med hänsyn till mycket av det GDPR ställer krav på, finns en trolig riskatt flera befintliga informationssystem blir svåra att uppdatera för att vara i linje med förordningen. Då GDPR även inkluderar krav med relevans till metoden Privacy by Design, är det troligt att företag som bättre uppfyller Privacy by Design även kan vara bättre i linje med GDPR. Från de deltagande respondenterna framgick det att en majoritet av de sju grundläggande principerna inom Privacy by Design uppfylls. Viss avsaknad kunde dock ses beroende på vilken organisation eller informationssystem det gällde. Vad som ansågs mest utmanande med dataskyddsförordningen uttryckte samtliga respondenter var förståelse av innebörd och intention med förordningstexten. Gällande vad som upplevdes som det tekniskt mest utmanande kunde mönster identifieras för ett antal krav. De krav som identifierades som väsentliga för befintliga informationssystem att anpassas efter, samt vilka principer inom Privacy by Designsom bättre uppfylldes, låg sedan i grund till en checklista. Checklistan blirett redskapsom ger en riktning för hur dessa punkter kan bemötas.

Abstract [en]

This study has examined how the new data protection regulation GDPR affect existing information systems. The study has had a focus on the method Privacy by Design and how well its principles are fulfilled by different companies. In Sweden, the GDPR will replace the personal data act, ‘Personuppgiftslagen’. This change may result in greater challenges for companies since the requirements of GDPR are higher than they were before. The GDPR means a greater protection of privacy and it gives EU citizens more rights regarding how their personal data should be processed. Many of the older, existing information systems weren’t created with regards to what GDPR demands. It is possible that this creates a risk for several existing information systems not being compliant with the regulation, because of difficulties in updating the systems. The GDPR also includes requirements related to Privacy by Design, and it is likely that companies that better meet the Privacy by Design principles are better compliant with the GDPR. From the participating respondents, it was shown that a majority of the seven fundamental principles of Privacy by Design are met. However, an absence of some principles could be seen depending on the organisation or information system. The most challenging aspect of the GDPR according to all respondents was to understand the meaning and intent of the regulation. Regarding what was perceived as the most challenging technical aspect of the GDPR, there were patterns for several requirements from the regulation. The requirements that were considered the essential ones for existing information systems to adapt to, as well as the principles that were better fulfilled were the factors the checklist was based on. The checklist can serve as a tool that provides a direction for how the identified issues can be addressed.

Place, publisher, year, edition, pages
2018. , p. 82
Keywords [en]
General Data Protection Regulation, Privacy by Design, integrity, checklist
Keywords [sv]
Dataskyddsförordningen, General Data Protection Regulation, Privacy by Design, integritet, checklista
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:his:diva-15606OAI: oai:DiVA.org:his-15606DiVA, id: diva2:1218786
Subject / course
Information Systems Development
Educational program
Information Systems - Enterpise Information Management
Supervisors
Examiners
Available from: 2018-06-19 Created: 2018-06-14 Last updated: 2018-06-19Bibliographically approved

Open Access in DiVA

fulltext(937 kB)16 downloads
File information
File name FULLTEXT01.pdfFile size 937 kBChecksum SHA-512
29fb5e13cd065091526c7898d271a13269e11daaf613a5547b04fa429cc1985707ce42514459ac6ae907676afb6eb8e20c2d3b876b32336ba33c209811864ffa
Type fulltextMimetype application/pdf

By organisation
School of Informatics
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 16 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 45 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf