• Sofie Lykke Damgaard Nielsen
  • Dorthe Askov Jensen
Speciale, Kandidatuddannelsen
Abstract The aim of this thesis is to investigate what problem areas that arise in connection with the implementation of the new General Data Protection Regulation, GDPR, in an NGO and how an information specialist can contribute to the solution of these issues by using the records management lifecycle as the basis/foundation for the work. In order to investigate the similarities between the lifecycle and the GDPR the records management lifecycle based on Patricia C. Franks (2013) and ISO 15489 (2016) is used. Due to the globalization and the rapid technological development, the vast amount of information created has also resulted in an increase of the amount of personal data which is collected, managed and shared. This has created new challenges in regards to the protection of personal data. The method used to examine the above problem statement was based on a minor version of a traditional information audit. The information audit is based on the five principles from Buchanan & Gibb (1998, 2007, 2008). An audit checklist was created based on ISO 15489 and the GDPR and two qualitative interviews were conducted with three members of the staff in the chosen NGO. Furthermore an observational study was conducted as another qualitative method. The case study shows that the case company is lacking written policies and procedures for example an IT-policy, a records management policy, a migration policy, a retention plan and so forth. The cause of the lack of policies and procedures may be due to the case company’s challenges that concerns economical resources and time issues. The case company shows a lack of interest in regards to implementing a records management policy and the GDPR. This may be due to the case company being an NGO and thus having a main focus on helping vulnerable people and not on implementing the GDPR and records management. The thesis concludes that an information specialist with the help of the records management lifecycle is able to implement the GDPR successfully in the case company based on the information specialist’s competences. The competences include preparation and maintenance of policies and procedures regarding for example retention, IT and data processing agreements.
Udgivelsesdato30 jul. 2018
Antal sider111


  • GDPR, Records management, Informationsspecialist