Change search
ReferencesLink to record
Permanent link

Direct link
Perceptions on an effective Compliance Management System: An approach to compliance with EU Data Regulations
Jönköping University, Jönköping International Business School, JIBS, Informatics.
2016 (English)Independent thesis Advanced level (degree of Master (Two Years)), 80 credits / 120 HE creditsStudent thesis
Abstract [en]

The purpose of this thesis is, through an exploratory study, to examine how organizations can effectively comply with data regulations.  The following are the research questions: What are the elements of an effective compliance management system? In light of the elements of an effective compliance management system, how are organizations complying with EU data regulations? A holistic multiple case study approach was implemented where four companies with services handling personally identifiable information were interviewed and then requested to participate in a Likert scale questionnaire to find points of consensus.


Based on literature the elements of an effective compliance management system were shortlisted. These elements are policies and procedures; communicate and train; culture; respond to incidents and prevent future incidents; resources; incentives and rewards; exercise due diligence to prevent and detect criminal conduct; governance; objectivity; risk management; prohibited persons; monitoring and auditing program effectiveness; ethics. Based on the interviews and questionnaire, organizations were not systematically managing compliance with EU data regulations. Also, there was not an awareness of the regulations. There was a lack of understanding on the details of the regulations and a drive to comply with these regulations. It was noted that issues that do come about due to data protection were handled on the go. To summarize the interviewees, there is a reactive mentality instead of a proactive one towards compliance with data regulations.

From a regulator’s perspective, a means of including service providers in the process of data regulation may first help in creating awareness. On the note of awareness, it is necessary for organizations handling personally identifiable information to comply with the law. Again, this is not viewed as a priority for the organizations that have been interviewed or at least for organizations that are relatively small in size or in a startup phase.

The value provided by this thesis is in providing an aggregated view of the elements of an effective compliance management system.

Place, publisher, year, edition, pages
National Category
Information Systems, Social aspects
URN: urn:nbn:se:hj:diva-31603ISRN: JU-IHH-IKA-2-20160034OAI: diva2:956990
Subject / course
IHH, Informatics
2016-05-26, Jönköping, 11:00 (English)
Available from: 2016-09-05 Created: 2016-08-31 Last updated: 2016-09-05Bibliographically approved

Open Access in DiVA

fulltext(1621 kB)1 downloads
File information
File name FULLTEXT01.pdfFile size 1621 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Mulugeta, Bruke Mekuria
By organisation
JIBS, Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 1 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 6 hits
ReferencesLink to record
Permanent link

Direct link