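The Position of Controllers and Processors of Personal Data in the Context of the General Data Protection Regulation (Položaj upravljavcev in obdelovalcev osebnih podatkov v kontekstu Splošne uredbe o varstvu podatkov)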
- Publication Year :
- 2018
Abstract
- The master's thesis systematically examines the provisions of the GDPR and analyzes their impact on the position of controllers and processors of personal data. The first part defines, in accordance with the GDPR, the concept of »personal data« and the criteria by which entities involved in the processing of personal data are classified as controllers or processors of personal data. This is followed by a legal analysis of the basic principles that controllers and processors must observe when processing personal data, highlighting the principle of lawfulness, fairness and transparency, the principle of purpose limitation, the principle of data minimization, and the newly enacted principle of accountability. The thesis then examines which rights the data subject may exercise against controllers of personal data, with a more detailed analysis of the newly enacted rights, such as the so-called right to be forgotten and the right to data portability. The central part presents the new obligations of controllers and processors of personal data, such as data protection by design and by default, documentation of processing activities, notification of a personal data breach to the supervisory authority, preparation of impact assessments, and designation of data protection officers. It also analyzes what sanctions controllers and processors of personal data may potentially face in the event of non-compliance with the GDPR. In this part the first hypothesis is confirmed, namely that the GDPR has made the position of controllers and processors of personal data stricter, since achieving compliance with the GDPR requires of them an extensive audit and review of current practice, continuous monitoring of the risks of the processing operations actually carried out, the introduction of many mechanisms for the security of personal data, significant financial investment, and investment in the development and education of employees. The last part addresses the practical approach to the implementation and enforcement of these measures that the GDPR lays down, namely the risk-based approach.
In connection with this, the second hypothesis is confirmed, as this approach is shown to be appropriate for the field of ensuring the security of personal data, because it plays a key role in ensuring that the GDPR is technology-neutral legislation.

This master's thesis presents crucial GDPR provisions, focusing on the analysis of their impact on the controllers and processors of personal data. In the first part of the master's thesis, the wide definition of »personal data« is explained, and the criteria under which the subjects engaged in personal data processing are characterized as controllers or processors are presented. This is followed by a detailed analysis of the basic principles relating to the processing of personal data, such as the principles of lawfulness, fairness and transparency, purpose limitation, data minimization and accountability. Furthermore, it is analyzed which rights the data subjects have, and a detailed analysis of the newly enacted right to be forgotten and right to data portability is conducted. In the main part of the master's thesis, the newly enacted responsibilities of the controllers and processors are analyzed, such as the concept of data protection by design and by default, maintenance of the records of processing activities, notification of a personal data breach to the supervisory authority, data protection impact assessment and designation of the data protection officer. Moreover, it is examined what kind of fines the controllers and processors could face if they are not compliant with the GDPR. In connection with this, the first hypothesis is confirmed, as it is concluded that the GDPR has severely impacted the controller's and the processor's situation, since compliance with the GDPR demands an extensive revision and review of current practices, constant risk assessment, implementation of various measures for the safety of personal data, significant financial investment and further education of the employees.
In the last part of the master's thesis, the practical risk-based approach to the implementation and execution of the mentioned GDPR provisions is presented. In this regard, the second hypothesis is also confirmed, as it is concluded that the risk-based approach is appropriate for the protection of personal data, since it is the key factor in establishing the GDPR as technology-neutral legislation.
- Subjects :
- right to portability
controller
data protection officer
data protection impact assessment
data processor
risk-based approach
accountability
impact assessment
principle of accountability
right to data portability
processor
GDPR
data controller
Details
- Language :
- Slovenian
- Database :
- OpenAIRE
- Accession number :
- edsair.od......3505..e6693d0de4a7540ff99c156390fb4b14