Compliance issues within Europe's General Data Protection Regulation in the context of information security and privacy governance in Swedish corporations: A mixed methods study of compliance practices towards GDPR readiness
Jönköping University, Jönköping International Business School, JIBS, Informatics.
2018 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

The European Union has introduced a new General Data Protection Regulation (GDPR) that regulates all aspects of privacy and data protection for the data of European citizens. Companies and public institutions were given two years to adapt their systems and controls to the new rules. Because of the wide range of changes the GDPR requires, many companies are facing severe problems adapting to the rules in time for enforcement. The purpose of this study is therefore to examine compliance practices in the implementation of GDPR requirements. This includes an outlook on compliance mechanisms that may remain insufficiently addressed when the regulation comes into force on May 25, 2018. The study is conducted in Sweden and investigates the situation in corporations, not in public institutions.

Mixed methods have been applied: Swedish GDPR experts and consultants were surveyed and interviewed, using capability maturity scales to assess a variety of security processes and controls, in order to gain an understanding of their view. The analysis shows a low level of implementation of GDPR requirements, although improvements have been seen over the past two years of transition. It points out that a holistic strategy towards compliance is mostly missing and that many companies face obstacles that are difficult to overcome in a short period. This may result in non-compliance in many Swedish corporations after the regulation comes into force on May 25.

Place, publisher, year, edition, pages
2018. p. 48
Keywords [en]
GDPR, Privacy, Data Protection, Information Security, Privacy Governance, Information Governance, IS Governance, IT Governance, IT Compliance, GDPR Implementation, Privacy Regulation
National Category
Economics and Business
Identifiers
URN: urn:nbn:se:hj:diva-39809
ISRN: JU-IHH-IKA-2-20180076
OAI: oai:DiVA.org:hj-39809
DiVA, id: diva2:1213490
Subject / course
JIBS, Informatics
Available from: 2018-08-21. Created: 2018-06-04. Last updated: 2018-08-21. Bibliographically approved.

Open Access in DiVA

fulltext (1867 kB), 411 downloads
File information
File name: FULLTEXT01.pdf
File size: 1867 kB
Checksum (SHA-512): 6494cb81adff66290163595f0df719e890927e127f48805347e4fb8ace3ed9e63f405368a7b1732e2b6356fe1d63e578024980c9141e35817385f1c45e7c2b78
Type: fulltext
Mimetype: application/pdf

Total: 411 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 1636 hits