|dc.description.abstract||Purpose: This master thesis aims to identify the most important critical success
factors (CSFs) and barriers when implementing the GDPR, as well as how these
impacted the implementation in three companies within the banking and insurance
Design/methodology/approach: Multiple case study of three banking and
insurance companies. A total of 11 key participants was interviewed, in addition
to a survey with 30 respondents, where all were from the three companies.
Additional documents was provided by the companies.
Findings: The most important CSFs found were: Top management support,
sufficient resources put into the project, employees with sufficient competence on
the subject, having a core team that shares their expertise and recommendations,
starting early, and information and awareness regarding the GDPR and the
project. The most important barriers found were: complex issues and solutions,
gap between those who understand the law and those who are going to execute
the law, time pressure, difficulties with interpreting the regulation, and lack of
understanding the regulation and what it means for the business. How these
impacted the implementation of the GDPR was also discovered.
Implications: This research highlights three practical implications: first, it was
more important to focus on the barriers than the CSFs. Second, the CSFs and
barriers depend on each other by being intertwined due to the complex nature of
the project to ensure a successful implementation of GDPR. Third, which CSFs
and barriers the companies consider as important when implementing the project,
as well as when they are important, depend on what the companies consider as
their implementation process. This thesis also provides theoretical implications by
uncovering two CSFs and four barriers for GDPR implementation not identified
in previous research which provides extensive knowledge to this field.
Future research: Future research should focus on whether the identified CSFs
and barriers in this study differ between projects and industries, as well as rank
them in terms of importance. Moreover, future research should use other research
methods when investigating the findings in different contexts.
Key words: General Data Protection Regulation (GDPR), project
implementation, project success, critical success factors (CSFs), barriers, barriers
for implementation, CSFs to project implementation, project management,