Att vara, eller icke vara, GDPR kompatibel : En kvalitativ studie om arbetet med att efterleva de krav GDPR ställer

Sammanfattning: The General Data Protection Regulation (GDPR) is highly current today when the law comes into force one month after our study is completed. The GDPR aims to create a unified regulation for people within the European Union's personal data. The uncertainty about what the GDPR will entail is high and there is a general concern in the corporate world about what happens on May 25, 2018. This has given us a unique opportunity to investigate how companies work to adapt to the GDPR and create a current situation analysis of it. Previous research on the GDPR is very limited and has focused primarily on what changes the law brings, as well as how it should be implemented. Research about the challenges that occurred during the implementation has not been done before. We conducted a case study where we interviewed two people in two different organizations. These people both work with the implementation of the GDPR. Using these interviews, we were able to find the primary challenges in implementing the requirements of GDPR in an organization's existing systems. We performed the work of the research abductively, which meant we worked iteratively with the information we found in our empirical evidence and earlier research. In conclusion, we found that there are mainly three major issues regarding the implementation of the GDPR; communication difficulties, resource-intensive work and that the change is extensive. There is no simple solution to these problems, but with previous research we have found a number of factors that can make it easier for companies to become compliant. In order to improve communication, we recommend introducing a communication plan. The communication plan creates order and gives both parties in the conversation a chance to think about what is important in the conversation, potential obstacles and how these can be prevented. We also concluded that a prioritization of the work is to be recommended as well as a project plan. By prioritizing and implementing a project plan, it will create a system and structure of the work. It clarifies what needs to be done, when it is to be performed and how. As our study has shown, the work to reach compliance with GDPR is both extensive and resource-intensive which is why we believe that companies have much to earn by following the recomendations our study has produced.