Användarinvolvering för ökad medvetenhet : En studie om policyutvecklingsprocessen

Sammanfattning: Many organisations experience the new general data protection regulation (GDPR) as difficult to understand and are unsure as to how they should formulate and communicate a policy that is complied by the organisation's employees. ePrivacy is a separate regulation that works as a compliment to GDPR and makes the regulation even more complex. The purpose of this study is to identify recommendations to formulate policies that increases likelihood that the policy is complied by the organisation's employees. The study was conducted as a case study with a participating company. In this study a policy has been developed within the context of the GDPR and ePrivacythat was then used in interviews with employees of the participating company. This was done in order to research the policy development process and handling of policies in that company. With this research, the knowledge of factors within policy development that affect the employees likelihood to comply with and be aware of the organisation's policies will increase. The recommendations that are formulated as a result of the study may be usedby developers to increase the likelihood that the organisation's policies are complied with and that the employees are more aware of the policies. The recommendations of the study is that developers should take advantage of user involvement in the policy development process. This gives the employees their chance to affect their own work and their processes themselves which will increase their self efficacy and awareness of policies.