Implementing the General Data Protection Regulation : The experiences of three Finnish organizations
Lamoureux, Sini (2020)
Lamoureux, Sini
Åbo Akademi
2020
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi-fe2020100477990
https://urn.fi/URN:NBN:fi-fe2020100477990
Tiivistelmä
This study investigates how three Finnish organizations have implemented the EU’s General Data Protection Regulation (GDPR). The GDPR was adopted by the European Council in April 2016 and entered into force on May 25th 2018. The research topics of the study are GDPR implementation, guidance and compliance.
The study’s literature review comprises a review of central concepts of the study, data protection legislation in Europe and in Finland, as well as a review of the GDPR. The focus of the GDPR review lies on data protection measures targeting data collecting and processing organizations. The GDPR itself and literature about the implementation make up the most important sources for the literature review.
The multiple-case study research approach is used as the study’s research method. The research design consists of three organizations, a Data Protection Officer (DPO) and an employee informed of the GDPR were interviewed. Qualitative interviews were used as a data collection method for the study. All in all, six interviews were made. The findings of the study are presented in case descriptions.
The results of the study show that the organizations have taken similar measures for implementing the GDPR. These are for example, the establishment of task forces, DPO’s attending courses held by external experts and GDPR guidance for employees. However, organizational actors influence the implementation of the GDPR. The main factors found were the access to time and resources for data protection activities and the organizational structure.
The study’s literature review comprises a review of central concepts of the study, data protection legislation in Europe and in Finland, as well as a review of the GDPR. The focus of the GDPR review lies on data protection measures targeting data collecting and processing organizations. The GDPR itself and literature about the implementation make up the most important sources for the literature review.
The multiple-case study research approach is used as the study’s research method. The research design consists of three organizations, a Data Protection Officer (DPO) and an employee informed of the GDPR were interviewed. Qualitative interviews were used as a data collection method for the study. All in all, six interviews were made. The findings of the study are presented in case descriptions.
The results of the study show that the organizations have taken similar measures for implementing the GDPR. These are for example, the establishment of task forces, DPO’s attending courses held by external experts and GDPR guidance for employees. However, organizational actors influence the implementation of the GDPR. The main factors found were the access to time and resources for data protection activities and the organizational structure.
Kokoelmat
- 512 Liiketaloustiede [433]