The Effects of General Data Protection Regulation to the personal data management
Hartikainen, Lauri (2018)
2018
Tietojohtaminen
Talouden ja rakentamisen tiedekunta - Faculty of Business and Built Environment
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2018-10-03
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tty-201809122292
https://urn.fi/URN:NBN:fi:tty-201809122292
Tiivistelmä
European parliament and council presented General Data Protection Regulation. The legislation defines personal data and provides new requirements for companies and organizations operating in the European Union or providing services to the citizens EU. This study examines how the implementation of GDPR affects to the personal data management.
The theory part of this study concentrates on the General Data Protection Regulation, data protection and implementation of legislation in companies and organizations. The aim was to survey the impact and needed actions of the change in the legislation. Also, related topics such as the hierarchical relationship of different legislation and implementation of intra-organizational policy was studied. As a result of theory part of this study, a list of requirements for policy implementation was founded.
The empiric part of the study was carried out as a case study. Employees of the company was interviewed to gain an understanding of the nature of the personal data processing in the company. By the results gained by the study, a record of processing of activities required by GDPR was formulated.
The theory part of this study concentrates on the General Data Protection Regulation, data protection and implementation of legislation in companies and organizations. The aim was to survey the impact and needed actions of the change in the legislation. Also, related topics such as the hierarchical relationship of different legislation and implementation of intra-organizational policy was studied. As a result of theory part of this study, a list of requirements for policy implementation was founded.
The empiric part of the study was carried out as a case study. Employees of the company was interviewed to gain an understanding of the nature of the personal data processing in the company. By the results gained by the study, a record of processing of activities required by GDPR was formulated.