Den nya dataskyddsförordningens påverkan på företag : En flerfallsstudie om förändringsarbetet i samband med införandet av GDPR

Sammanfattning: On May 25th in 2018, the old EU directive that has been used as a guideline for data protection since 1995 was replaced. The new regulation, General Data Protection Regulation (GDPR) was implemented with a primary purpose to strengthen the rights of individuals and to give them greater control over their personal data. In general, the law involves changes for those who process personal data and strengthened rights of every individual's privacy. Change is a recurring element in every organization and how it's handled is crucial to the future of the company. This paper intends to investigate how change management can be applied in connection with the introduction of the new data protection regulation and how oganizations ensure compliance with changes. The interviews conducted in this paper has generated qualitative data and the result shows that there is a comprehensive conversion for companies of any size. Companies have an iterative approach regarding change managment and several changes have been required to reach full compliance with the law. To ensure compliance, companies have created an awareness of the law, educated all employees within their organization, and helped their employees apply the gained knowledge to their everyday work. However there are flaws companies may need to work on, which includes motivating employees to follow the newly implemented changes and use reinforcement to avoid returning to old habits.