Hur påverkas svensk systemförvaltning av GDPR? : En explorativ studie av tysk informationssäkerhetspraktik

Sammanfattning: Today, personal data is used to generate added value for organizations. Consequently, misuse of private data is not surprising. The upcoming implementation of General Data Protection Regulation (GDPR) is an attempt to restrict the exploitation of private data. In contrast to the current privacy law, GDPR will be more adjusted to the conditions of the contemporary society. System maintenance is at the core of privacy issues since information is stored in the systems. Based on Germany’s already established strict privacy regulation mirrored in GDPR, Germany is used as a source of comparison for the purpose of this study. Through a qualitative approach of system maintenance and GDPR, we analyze different strategies to comprehend the complexity in information security regarding privacy data. Based on our study we present four distinct contributions; first, concrete suggestions to consider in order to successfully handle personal information; second, a recognition of an organizational perspective on information security; third, we provide empirical evidence of how the field of system maintenance has evolved over time; fourth, a methodological contribution on how to study upcoming effects.