GDPR is a data regulation taken into use on the 25th of May 2018 and its shortening stands for General Data Protection Regulation. This regulation replaces the data protection directive from the year 1995. The purpose of the regulation is defined as to partly have a harmonization between the states within the EU and simultaneously it strives to strengthen the protection of integrity for physical persons inside the EU. The data regulation only applies in states within the EU which means that people living outside of it are not affected by the regulation.

Practically the implementation of the GDPR in an organization requires that they can inform how they are dealing with personal data, what data exactly and the purpose of dealing with it.

The Erikssons company has ordered me to create a framework containing routines for how to deal with personal data according to the GDPR and to also conduct a risk assessment to be able to easily understand and implement the GDPR in practice. The purpose of this thesis is to understand the GDPR as well as possible concerning how this regulation will be applied and to help Erikssons with applying it in an easily understandable way.