Master's thesis
Avalon Ivanuša (Author), Simona Sternad (Mentor)

Abstract

For many years, data protection was treated as an annoying task that companies "had to" say they were carrying out successfully, while in reality they did not lift a finger for it. In fact, they often overlooked this task or underfunded it. With the arrival of the new EU General Data Protection Regulation (hereinafter GDPR), all of this changed. GDPR is considered one of the most wide-ranging pieces of EU legislation, and it imposes fines so large that no company can afford to ignore it any longer. GDPR broadens the notion of "personal data" and places the user at the centre of data protection and privacy. Every EU resident now has the right to decide on and manage how their personal data are collected, stored, used, protected, transferred and deleted. Under GDPR, users can opt out of sharing personal data, prohibit their further processing, and request that all their data be sent to them in a readable form or be erased from the system entirely. GDPR compliance requires large companies to fully review their data collection, use and security practices where large volumes of user data are concerned. This in turn requires them to create an effective data governance framework, carry out audits, hire specialised personnel, and organise staff training and professional development courses to ensure that every member of the company has a clear understanding of the principles and requirements of GDPR. On the way to meeting all the requirements, companies will certainly encounter numerous information problems and challenges that they will have to resolve as they arise. The fact is that we live in a digital age in which users' personal data are very important to companies, especially in industries driven by customer data (e.g. social media platforms). Because of the new importance of personal data and their use, awareness of data privacy is growing among people, so good data privacy management is extremely important for both companies and customers. We divided the master's thesis into two parts, a theoretical part and a practical part. In the theoretical part we focused on defining data privacy and data security, defining the new regulation and the changes and new features it brings, what this means for large companies such as Facebook and Apple, and how information solutions comply with GDPR. In the practical part we presented how the selected start-up company Databox prepared for the introduction of the new regulation.

Keywords

personal data;data protection;personal data protection;legislation;GDPR;business informatics;internet;

Data

Language: Slovenian
Year of publishing:
Typology: 2.09 - Master's Thesis
Organization: UM EPF - Faculty of Economics and Business
Publisher: [A. Ivanuša]
UDC: 342.738:004(043.2)
COBISS: 13421340

Other data

Secondary language: English
Secondary title: Information challenges when implementing General Data Protection Regulation
Secondary abstract: For years, data protection was viewed as an annoying task that companies "had to" say they were successfully doing, but in reality they did not even lift a finger. In fact, they often overlooked or underfunded this task. With the advent of the EU General Data Protection Regulation, all that changed. GDPR is one of the most wide-ranging pieces of EU legislation to date and carries such significant penalties that no company can afford to ignore it. The GDPR broadens the term personal data and puts the user at the heart of data protection and privacy. Every EU resident will now have the right to decide and manage how his or her personal data is collected, stored, used, protected, transferred and deleted. Under GDPR, users can opt out of sharing personal data, forbid its further processing and request that all data be sent to them in a readable form or be erased completely from the system. GDPR compliance requires large enterprises to make a full review of their data collection, usage and security practices when it comes to substantial amounts of user data. This will require them to create an efficient data governance framework, perform audits, employ specialized personnel, and organize staff training and professional development courses to ensure every team member has a clear understanding of the GDPR principles and requirements. As these companies take steps towards compliance, they will inevitably face challenges along the way. The fact is that we live in the digital era, where personal data is of high significance for companies, especially within customer-data-driven industries (e.g. social media platforms). Due to the new importance of personal data and its usage, awareness of data privacy is increasing among people. Thus, good data privacy management is of high relevance for companies and customers. We have divided our master's thesis into two parts, namely theoretical and practical. In the theoretical part, we focused on defining data privacy and data security, defining the new GDPR regulation and what changes it brings with it, what that means for large companies such as Facebook and Apple, and basically how ERP and CRM solutions are GDPR compliant. In the practical part we have presented how the selected start-up company Databox has prepared for implementing the new regulation.
Secondary keywords: General Data Protection Regulation (GDPR);data security;personal data;privacy;information challenges;Databox;
Type (COBISS): Master's thesis/paper
Thesis comment: Univ. v Mariboru, Ekonomsko-poslovna fak.
Pages: V, 89 pp.
ID: 11218194