A Framework for GDPR Compliance for Small- and Medium-Sized Enterprises
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Informationssystem (IS), Information Systems)
2019 (English). In: European Journal for Security Research, ISSN 2365-0931, E-ISSN 2365-1695, Vol. 4, no 2, p. 243-264. Article in journal (Refereed), Published
Abstract [en]

The EU’s General Data Protection Regulation (GDPR) is an EU regulation that affects everyone in the EU and all organisations outside the EU that want to do business with the EU. GDPR introduces tougher requirements for processing personal data, which may be difficult for many small- and medium-sized enterprises (SMEs) to follow without major adjustments. This work uses design science to develop a framework for SMEs to adapt to GDPR. The framework was empirically evaluated in three different types of organisations, resulting in GDPR compliance according to their Data Protection Officers. It was also theoretically evaluated against scientific literature, including the identified implications of GDPR. In this paper the framework is presented, from initial analysis and design to implementation and future work, with advice on how to work with each part to achieve compliance. The paper also highlights some of the most important changes in GDPR compared to its predecessor, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (DIR95).

Place, publisher, year, edition, pages
Springer, 2019. Vol. 4, no 2, p. 243-264
Keywords [en]
General Data Protection Regulation, GDPR, Information management, SME, SMEs, information security
National Category
Information Systems
Research subject
INF303 Information Security; Information Systems
Identifiers
URN: urn:nbn:se:his:diva-17874
DOI: 10.1007/s41125-019-00042-z
OAI: oai:DiVA.org:his-17874
DiVA, id: diva2:1369196
Available from: 2019-11-11 Created: 2019-11-11 Last updated: 2019-11-11 (Bibliographically approved)

Open Access in DiVA

Fulltext (980 kB), 10 downloads
File information
File name: FULLTEXT01.pdf
File size: 980 kB
Checksum SHA-512:
2454be3cf7b331415192a143586b67ea33dcae944a808578b560d9384370f1d5ffc83b7432d6996464ec42ac46b99851d628a2cdb65d443a918ce90baa52f7b5
Type: fulltext
Mimetype: application/pdf

Author/editor: Brodin, Martin
Total: 10 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.
Total: 123 hits