GDPR implementation, Case: Headpower Oy
Reini, Pasi (2019)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-201904155045
Abstract
The new General Data Protection Regulation (GDPR) of the European Union came into force on
25th of May 2018. Every organization processing personal data of EU citizens must comply
with the regulation. The organization that commissioned the research is
Headpower Oy, which provides cloud services for energy sector companies. The
background for the research was Headpower's interest in complying with the GDPR.
The first research problem was a lack of knowledge about whether there is a common model
that explains the steps needed to make software meet the GDPR requirements.
The second research problem was to study the steps that need to be taken to make
software GDPR compliant. The third research problem was about ensuring that software
stays GDPR compliant in the future. The research method was a systematic literature review,
which means that the searches were performed in the databases containing theses of
technical universities, universities and universities of applied sciences located in Finland.
The literature consisted of Master's theses, and the selection of the literature was made
against predefined search criteria. The main goal of the literature review was to find
out whether there is a model for making the example software meet the GDPR
requirements.
The previous surveys found in the literature review show that there is no common model
for implementing GDPR requirements in the example software. Instead of a common
model, small pieces of information can be found in the previous surveys. Headpower
performed its GDPR implementation by checking what personal data there is in the system
and then implementing GDPR requirements in the example software.