The introduction of the General Data Protection Regulation (GDPR) in 2018 left European organizations with a lot of challenges. In order to keep compliance with the new law organizations had to adopt solutions for the lawful collection of data and consent, data protection impact assessments, data subject rights, and much more. The implementation of these obligations is not always trivial and many organizations struggle to find adequate solutions fitting their specific needs.
The goal of this thesis is to conduct a case study in one or more Norwegian organizations to find out which challenges they had to overcome in the face of the GDPR and how these challenges were solved. The results of this case study should then be analyzed and used to develop a tool to facilitate this process in the future.
Exemplary tasks include:
- Creation of a checklist of GDPR-induced obligations/requirements for organizations
- Creation of a catalog of solutions for these requirements
- Creation of questionnaire for organization(s)
- (Expert) interviews with organization(s)
- Documentation and analysis of measures and solutions introduced by organizations to meet the requirements of the GDPR
- Development of a tool to analyze and evaluate measures for GDPR compliance