• Barbro Kathrine Friis Studsgarth
This study examines how SMEs can uncover areas of improvement in relation to the requirements of complying with the EU General Data Protection Regulation. The main areas of importance for complying are in general awareness, information held, data subject’s rights and the lawfulness of processing the data. In addition to this incorporating data protection by design and appointing a DPO or GDPR lead is central. SMEs also need to look at data processing agreements and on whether they have an international perspective. Lastly, there are specific rules for children and consent. This study is based on a case study of the small company GAN Integrity that is primarily a processor and wished to have this aspect addressed. Based on an overall GDPR process a tool for GDPR assessment was applied. The tool that was selected, based on a comparative study, was proposed by the UK’s Information Commissioner’s Office. After conducting a data mapping and using the tool, areas of improvement was uncovered, and suggestions was made. The main areas that needed improvement was the approach to data processing, policies and general governance of data protection.
SpecialisationBusiness Development
Publication date30 Jun 2007
Number of pages83
External collaboratorComply
Anna Lykke Lundholm-Andersen al@ilab.dk
GAN Integrity
Martin Albertsen martin@ganintegrity.com
ID: 280534329