The GDPR and its Impact on Personal Data Management

Andreas Boris Hald & Carsten Leth Svaneborg

Student thesis: Master thesis

Abstract

In a world of an ever changing regulatory environment, companies are finding themselves under increasing regulatory pressure. Most recently the European Union passed the General Data Protection Regulation (GDPR), which seeks to improve and standardise the data protection and privacy of European citizens. We investigate how these standardisations promote personal data management processes outsourcing for financial institutions. Using an explanatory case study approach with multiple larger financial institutions, this thesis qualitatively examines how the GDPR has affected outsourcing of personal data management. Using theories from the Transaction Cost Economics field, we have developed a conceptual framework which aims to illuminate the previously unexplored field of regulatory outsourcing. Through semi-structured interviews with experts from Danske Bank, Jyske Bank, Nordea and Nykredit we have explored how the GDPR affects outsourcing decisions in larger financial institutions. Through our analysis, we explored the impact of the GDPR on transaction properties such as asset specificity and uncertainty. We saw that asset specificity has appeared to decrease, however not the the point where the market becomes more efficient than internal production. A possible explanation for the lack of outsourcing could be the increased level of uncertainty, which we also observed. Conclusively, the findings revealed that the GDPR has had no effect on outsourcing for large financial institutions and we observed that it had little to no effect on the decision to outsource.

EducationsMSc in Business Administration and Information Systems, (Graduate Programme) Final Thesis
LanguageEnglish
Publication date2018
Number of pages127
SupervisorsJonas Hedman