master's thesis
Abstract
This master's thesis systematically examines the provisions of the GDPR and analyses their impact on the position of controllers and processors of personal data. The first part defines the concept of "personal data" in accordance with the GDPR, together with the criteria by which entities involved in the processing of personal data are classified as controllers or processors. This is followed by a legal analysis of the fundamental principles that controllers and processors must respect when processing personal data, highlighting the principle of lawfulness, fairness and transparency, the principle of purpose limitation, the principle of data minimisation, and the newly enacted principle of accountability. The thesis then examines which rights the data subject may exercise against controllers, with a closer analysis of the newly enacted rights, such as the so-called right to be forgotten and the right to data portability. The central part presents the new obligations of controllers and processors, such as data protection by design and by default, documentation of processing activities, notification of a personal data breach to the supervisory authority, preparation of impact assessments, and designation of data protection officers. It also analyses what sanctions controllers and processors may potentially face in the event of non-compliance with the GDPR. This part confirms the first hypothesis, that the GDPR has tightened the position of controllers and processors, since achieving compliance with the GDPR requires from them an extensive audit and review of current practice, continuous monitoring of the risks of the processing actually carried out, the introduction of many mechanisms for the security of personal data, significant financial investment, and investment in the development and training of employees. The last part addresses the practical approach to implementing and carrying out these measures that the GDPR prescribes, namely the risk-based approach.
In this connection the second hypothesis is confirmed, as the risk-based approach is presented as appropriate for the field of ensuring the security of personal data, because it plays a key role in ensuring that the GDPR is technology-neutral legislation.
Keywords
GDPR;controller;processor;principle of accountability;right to data portability;data protection officer;impact assessment;risk-based approach;master's theses;
Data
Language: Slovenian
Year of publishing: 2018
Typology: 2.09 - Master's Thesis
Organization: UL PF - Faculty of Law
Publisher: [M. Pleško]
UDC: 342.7:347(043.2)
COBISS: 16579409
Views: 939
Downloads: 368
Other data
Secondary language: English
Secondary title: Data controller and data processor position in the context of General Data Protection Regulation
Secondary abstract:
This master's thesis presents crucial GDPR provisions, focusing on the analysis of their impact on the controllers and processors of personal data. In the first part, the wide definition of "personal data" is explained and the criteria under which the subjects engaged in personal data processing are characterized as controllers or processors are presented. This is followed by a detailed analysis of the basic principles relating to the processing of personal data, such as the principles of lawfulness, fairness and transparency, purpose limitation, data minimization and accountability. Furthermore, the thesis analyzes which rights data subjects have and conducts a detailed analysis of the newly enacted right to be forgotten and right to data portability. In the main part, the newly enacted responsibilities of controllers and processors are analyzed, such as the concept of data protection by design and by default, maintenance of records of processing activities, notification of a personal data breach to the supervisory authority, data protection impact assessment and designation of the data protection officer. Moreover, it is examined what kind of fines controllers and processors could face if they are not compliant with GDPR. In connection with this, the first hypothesis is confirmed, as it is concluded that GDPR has severely impacted the controller's and the processor's situation, since compliance with GDPR demands an extensive revision and review of current practices, constant risk assessment, implementation of various measures for the safety of personal data, significant financial investment and further education of employees. In the last part, the practical risk-based approach to the implementation and execution of the mentioned GDPR provisions is presented.
In this regard, the second hypothesis is also confirmed, as it is concluded that the risk-based approach is appropriate for the protection of personal data, since it is the key factor in establishing GDPR as technology-neutral legislation.
Secondary keywords: data controller;data processor;accountability;right to data portability;data protection officer;data protection impact assessment;risk-based approach;
Type (COBISS): Master's thesis/paper
Study programme: 0
Embargo end date (OpenAIRE): 1970-01-01
Thesis comment: Univ. v Ljubljani, Pravna fak.
Pages: 64 f.
ID: 10994683