Aleksander Potrč (Author), Mitja Horvat (Mentor)


Predmetno magistrsko diplomsko delo obravnava institut ocene učinka v zvezi z varstvom osebnih podatkov. Ocena učinka je proces prepoznave tveganj obdelave osebnih podatkov, na podlagi katerih upravljavec sprejme organizacijske in tehnične ukrepe za varstvo osebnih podatkov. K temu ga zavezuje tudi načelo odgovornosti, ki je temeljno vodilo upravljavcu glede skladnega delovanja ves čas postopka obdelave. Odgovoren odnos upravljavca do osebnih podatkov posameznikov, o katerih se obdelujejo podatki, je ključnega pomena za visoko raven varstva osebnih podatkov. Veliko povečanje količine in kakovost obdelave podatkov v digitalni dobi sta zahtevali sistemsko rešitev, ki bo zagotovila učinkovito varstvo pred zlorabami osebnih podatkov, kot so nepooblaščeni dostopi, množična razkritja in profiliranje. Aktualna ureditev varstva osebnih podatkov temelji na pristopu na podlagi tveganj. Zmanjševanje tveganj obdelave osebnih podatkov v digitalni dobi je izrednega pomena za visok standard varstva pravic posameznikov, katerih podatki se obdelujejo. Tveganja mora upravljavec analizirati v začetku priprav dejavnosti obdelave osebnih podatkov, kar je skladno s konceptom vgrajene zasebnosti. V okviru koncepta vgrajene zasebnosti so se oblikovala temeljna načela varstva osebnih podatkov, ki so se prelila tudi v aktualno zakonodajo. Osnovni elementi obravnavanih institutov se izrazijo v procesu izvedbe ocene učinka v zvezi z varstvom osebnih podatkov. Znotraj procesa ocene učinka upravljavec izbere in utemelji ustrezno pravno podlago za zbiranje osebnih podatkov, analizira tveganja in nato sprejme učinkovite ukrepe za skladno obdelavo osebnih podatkov s temeljnimi načeli varstva osebnih podatkov. Z izvedbo ocene učinka se krepijo pravice posameznikov, katerih osebni podatki se zbirajo. To je bil temeljni cilj nove ureditve, ki jo je prinesla Splošna uredba o varstvu osebnih podatkov.


GDPR;pravica do zasebnosti;načelo odgovornosti;upravljavec;pristop na podlagi tveganj;vgrajena zasebnost;privzeta zasebnost;ocena učinka;magistrske diplomske naloge;


Language: Slovenian
Year of publishing:
Typology: 2.09 - Master's Thesis
Organization: UL PF - Faculty of Law
Publisher: [A. Potrč]
UDC: 347:342.738(043.2)
COBISS: 17097041 Link will open in a new window
Secondary language: English
Secondary title: Current changes in the field of personal data protection
Secondary abstract: The purpose of this master's thesis is to examine the institution of impact assessment regarding personal data protection. Impact assessment is the process of identifying risks in personal data processing, on the basis of which the controller adopts organizational and technical measures for the protection of personal data. The controller is also bound to this by the principle of accountability, which is a fundamental principle for compliance throughout the processing procedure. The controller's responsible attitude towards personal data of data subjects is crucial for ensuring a high level of personal data protection. A great increase in quantity and quality of data processing in the digital age have required a systemic solution which will provide effective protection against personal data breach such as unauthorized access, mass disclosure and profiling. The current regulation adopts a risk-based approach to personal data protection. In the digital age reducing the risks in personal data processing is of paramount importance when ensuring a high standard of protection of the rights of data subjects. The risks must be analyzed by the controller at the beginning of pre-processing activities, which is in accordance with the concept of privacy by design. Under the concept of privacy by design, the fundamental principles of personal data protection have been formulated and also adopted by current legislation. The basic elements of the institutions under consideration are indicated in the impact assessment process regarding personal data protection. Within the impact assessment process, the controller selects and substantiates the appropriate legal basis for the collection of personal data, analyzes the risks, and then adopts effective measures to ensure compliance of personal data processing with the fundamental principles of personal data protection. Implementation of impact assessment strengthens the rights of data subjects. This has been the essential objective of the new regulation brought about by the General Data Protection Regulation.
Secondary keywords: right to privacy;accountability principle;controller;risk-based approach;privacy by design;privacy by default;impact assessment;
Type (COBISS): Master's thesis/paper
Thesis comment: Univ. v Ljubljani, Pravna fak.
Pages: 54 f.
ID: 11334322
