The EU General Data Protection Regulations and their consequences on computer system design

Sammanfattning: As of writing this thesis, the EU’s new data protection laws (GDPR) will start to apply within one year. The new regulations are poorly understood by many and rumours of varying accuracy are circling the IT industry. This thesis takes a look at the parts of the GDPR concerning system design and architecture, clarifying what they mean and their consequences for system design. The new regulations are compared to the old data protection laws (Directive 95/46/EC), showing how companies must alter their computer systems in order to adapt. Using evaluations of the old data protection laws predictions are made for how the GDPR will affect the IT industry going forward. One of the more important questions are what tools are available for companies when adapting to privacy protection regulations and threats. This thesis aims to identify the most common processes for this kind of system modification and compare their effectiveness in relation to the GDPR.