Hur påverkas systemutvecklingsprocessen av implementeringen av GDPR

Sammanfattning: On May 25th 2018 a new general data protection regulation called GDPR took effect. The regulation contains rules regarding usage, storage and handling of data from individuals resident within The European Union. The new regulation caused big headlines regarding the impact GDPR would have on the affected enterprises and organizations. One aspect that hasn’t been mentioned considerably is how GDPR has and will affect the system development process. The difficulty with implementing GDPR has shown to have its origin in the fact that the regulation is fairly new which means that it’s still ambiguous and difficult to apply. That means that there has been room for different takes on GDPR and its rules which has contributed to various opinions on how GDPR should be implemented. The purpose of this thesis was to study how the implementation of GDPR has affected the system development process among enterprises and organizations. The method that has been used in the thesis is a qualitative interview study of two enterprises. The acquired data have been collected mainly from four interviewing persons, two from each enterprise. The data collected from the interviews has been analyzed with the method grounded theory. The conclusion of the thesis is that the system development process has been affected by the implementation of GDPR. The regulation is however not believed to affect the enterprises to the extent that any extensive restructuring has been necessary. Based on the result from the interviews it is rather believable that GDPR actually had a positive effect among the enterprises. The thesis also resulted in a model which illustrates the system development process and the aspects of GDPR considered to have a substantial effect.