General Data Protection Regulation: Preparing HR for Change
Ndiili-Ronkainen, Heidi (2018)
2018
Julkaisun pysyvä osoite on
http://urn.fi/URN:NBN:fi:amk-201803073116
http://urn.fi/URN:NBN:fi:amk-201803073116
Tiivistelmä
The European General Data Protection Regulation (GDPR) replaces the outdated Data Pro-tection Directive that was introduced in 1995 by the European Parliament. The new directive will be stricter than the earlier one. The General Data Protection Regulation is a legal outline for organizations that gather and process the personal data of European residents. The regu-latory framework provides people with the right to data confidentiality and principles for pro-cessing personal data, while also imposing hefty fines for organizations that fail to comply with the law.
The aim of this thesis is to look at how the case company´s subsidiaries´ Human Resource departments are prepared to implement the new legislation. The focus is on whether the sub-sidiary group companies´ HR managers are taking the necessary steps to move towards adopting the General Data Protection Regulation that was set by the European Parliament and Council for storing personal data by 25 May 2018. The study will also identify the procedures that need to be developed to comply with the regulation through content analysis.
The questionnaire was created together with the commissioning company's thesis supervisor to ensure a clear structure that provides coherent results. The study was thus conducted through a qualitative research approach, utilizing methods such as questionnaires as a prima-ry source of information and secondary desk-top data research.
The findings show that the subsidiary group companies´ were not ready with the implementa-tion of the necessary processes towards GDPR compliance. As the case company is central-ising its operations, an action plan for HR´s policies and procedures is needed towards GDPR compliance. The HR is recommended to audit its data in order to understand what documents, policies and procedures are currently compliant with the GDPR.
The aim of this thesis is to look at how the case company´s subsidiaries´ Human Resource departments are prepared to implement the new legislation. The focus is on whether the sub-sidiary group companies´ HR managers are taking the necessary steps to move towards adopting the General Data Protection Regulation that was set by the European Parliament and Council for storing personal data by 25 May 2018. The study will also identify the procedures that need to be developed to comply with the regulation through content analysis.
The questionnaire was created together with the commissioning company's thesis supervisor to ensure a clear structure that provides coherent results. The study was thus conducted through a qualitative research approach, utilizing methods such as questionnaires as a prima-ry source of information and secondary desk-top data research.
The findings show that the subsidiary group companies´ were not ready with the implementa-tion of the necessary processes towards GDPR compliance. As the case company is central-ising its operations, an action plan for HR´s policies and procedures is needed towards GDPR compliance. The HR is recommended to audit its data in order to understand what documents, policies and procedures are currently compliant with the GDPR.