G4 Doctoral dissertation (monograph)
Tapaustutkimus : tiedolla johtaminen kansainvälisten pilvipalveluiden tietosuojatyössä (2024)
Case study : managing with information in the data protection work of international cloud services


Immonen, A. (2024). Tapaustutkimus : tiedolla johtaminen kansainvälisten pilvipalveluiden tietosuojatyössä [Doctoral dissertation]. Jyväskylän yliopisto. JYU Dissertations, 774. https://urn.fi/URN:ISBN:978-952-86-0128-9


JYU authors or editors


Publication details

All authors or editorsImmonen, Aapo

eISBN978-952-86-0128-9

Journal or seriesJYU Dissertations

eISSN2489-9003

Publication year2024

Number in series774

Number of pages in the book1 verkkoaineisto (173 sivua)

PublisherJyväskylän yliopisto

Place of PublicationJyväskylä

Publication countryFinland

Publication languageFinnish

Persistent website addresshttps://urn.fi/URN:ISBN:978-952-86-0128-9

Publication open accessOpenly available

Publication channel open accessOpen Access channel


Abstract

This doctoral research is a constructive case study on the perceptions of the different manager levels working in the Finnish government administration, particularly at the Government ICT Centre Valtori regarding data privacy issues.
In recent years, there has been critical discussion in the Finnish public administration about whether the cloud services being used meet the requirements of the EU General Data Protection Regulation (GDPR). Similar discussions have been actively taking place across the European Union member states as well. Based on recent international news coverage, this issue is highly relevant and significant. This debate led to the consideration of the required expertise to achieve privacy by design-based personal data processing when using cloud services, as well as the level of privacy maturity in government administration. This led to the research question: Does the level of data protection competence among different management levels in the target organization, Val-tori, meet the requirements of the EU General Data Protection Regulation? The hypothesis of the study is that experts in different management positions within the target organization can derive meaningful information from the information security domain to support compliant privacy by design work in their professional roles. The study concludes that the hypothesis is not true. Two separate studies were conducted to answer the research question, spanning from 2019 to 2022. The first study employed a quantitative approach, where representatives from different management levels at Valtori were asked to provide their opinions on statements regarding data privacy. The second study, qualitative in nature, involved interviews with data protection experts working in government administration as well as technical security experts in commercial ICT service production. The aim of combining these different re-search approaches, known as triangulation, was to achieve a comprehensive and reliable understanding of the phenomenon under examination.
Based on the new knowledge obtained, a constructive operational model for privacy work is developed in the study, which has not been previously presented in the literature. This model supports data protection work concerning cloud services within the framework of information-driven management theory.


Keywordscloud servicesknowledge-based managementdata protectioncentral governmentmanagers and executives

Free keywordscloud services; knowledge management; privacy by design


Contributing organizations


Ministry reportingYes

VIRTA submission year2024


Last updated on 2024-03-07 at 20:06