magistrsko delo

Povzetek

Velik napredek informacijske tehnologije prinaša različne pasti na področju zasebnosti, na katere je potrebno biti pozoren in se na njih ustrezno odzivati. Zaradi tega je bila leta 2016 s strani Evropske unije sprejeta in objavljena Splošna uredba o varstvu osebnih podatkov, ki je pričela veljati 25. 5. 2018. Ljudje veliko časa preživijo na delovnem mestu, zato je varstvo podatkov na delovnem mestu pomembno. Za vsako obdelavo osebnih podatkov mora delodajalec imeti zakonito pravno podlago. Nova Uredba 2016/679 določa šest pravnih podlag, med katerimi velja privolitev za najbolj razširjeno. Vendar se zaradi specifičnosti delovnega razmerja, delodajalec le stežka sklicuje na privolitev in le-ta prihaja v poštev zgolj izjemoma. Delodajalci morajo imeti drugo pravno podlago, pri čemer pa so vedno dolžni upoštevati načelo sorazmernosti in obdelujejo samo podatke, ki so nujno potrebni. Uredba 2016/679 vsebuje preventivne ukrepe, ki naj pripomorejo k temu, da se zmanjšajo tveganja za kršitve varstva osebnih podatkov. Eden izmed ukrepov je ocena učinka v zvezi z varstvom osebnih podatkov, pri kateri morajo delodajalci že vnaprej prepoznati in oceniti tveganja. Delodajalci v praksi tega ne smejo razumeti kot neko dodatno obremenitev, ker je le-ta določena v njihovo korist, da se izognejo kršitvam in morebitnim kaznim. Velika novost je prav tako imenovanje pooblaščene osebe za varstvo podatkov. Njena funkcija je, da pomaga, svetuje, nadzoruje in skrbi za podjetje, da posluje v skladu z zakoni in predpisi s področja varstva osebnih podatkov. Kot smo ugotovili, pooblaščena oseba ni osebno odgovorna, da podjetje posluje v skladu z določbami o varstvu podatkov, ampak je dokazno breme na delodajalcu. Delodajalec ji mora zagotoviti ustrezna sredstva (čas, denar, prostore), da lahko nemoteno opravlja naloge. Uredba 2016/679 ni tipična uredba, ker državam članicam pušča širok prostor, ki ga morajo zapolniti z lastnimi rešitvami na področju varstva osebnih podatkov. Zaradi tega so imele države dve leti časa, da svojo zakonodajo prilagodijo evropskemu okvirju, vendar Slovenija tega do danes še ni storila. Značilnost uredb je, da se uporabljajo neposredno, kar pomeni, da se določbe Uredbe 2016/679 uporabljajo tudi pri nas, zato so jih podjetja dolžna upoštevati. V primerih, kjer so določbe Uredbe 2016/679 v nasprotju z ZVOP-1, to pomeni, da se v teh primerih ZVOP-1 ne sme uporabiti, ampak se uporabi navedena uredba. Glede določb, ki niso v nasprotju z Uredbo 2016/679, pa se ZVOP-1 do njegove razveljavitve in sprejetja ZVOP-2 še naprej uporablja. Navedeno ustvarja pravno negotovost, saj je potrebno v posameznem primeru konkretno primerjati oba pravna akta in v primeru kolizije uporabiti Uredbo 2016/679. To je še posebej težko v primerih, kjer nasprotja niso čisto jasna, in v primerih, ko so posamezne določbe Uredbe 2016/679 napisane na splošno. Do danes sta bila obravnavana dva osnutka Zakona o varstvu osebnih podatkov (ZVOP-2). V osnutkih je opaziti še veliko napak in nedoslednosti, določena področja so zgolj prepisana iz Uredbe 2016/679. Prva država, ki je posodobila svojo nacionalno zakonodajo, je bila Nemčija. To je storila v predpisanem roku, vendar zaradi pomanjkanja časa določenih področij ni uredila izčrpno. Upamo lahko, da bo Slovenija čimprej prilagodila svojo zakonodajo in da bo nov ZVOP-2 dovolj izčrpno urejal to področje, kot se za področje varstva osebnih podatkov tudi pričakuje.

Ključne besede

osebni podatki;pravna podlaga za obdelavo osebnih podatkov;privolitev delavca;pooblaščena oseba za varstvo podatkov;ocena učinka v zvezi z varstvom podatkov;kršitev varstva osebnih podatkov;magistrska dela;

Podatki

Jezik: Slovenski jezik
Leto izida:
Tipologija: 2.09 - Magistrsko delo
Organizacija: UM PF - Pravna fakulteta
Založnik: U. Bencak]
UDK: 342.738(043.3)
COBISS: 5698859 Povezava se bo odprla v novem oknu
Št. ogledov: 1094
Št. prenosov: 218
Ocena: 0 (0 glasov)
Metapodatki: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Ostali podatki

Sekundarni naslov: Protection of employee´s Personal Data within the Framework of the GDPR
Sekundarni povzetek: The great progress of information technology brings about different traps in the area of privacy to which it is necessary to pay attention and respond appropriately. For this reason, in 2016 the general regulation on the protection of personal data, which has taken effect 25.05.2018, has been adopted and published by the European Union. People spend a lot of time at work, so data protection at work is important. For each processing of personal data, the employer must have a legal basis. The new regulation 2016/679 sets out six legal bases, from which the consent is the most widespread. However, due to the specificity of the employment relationship, the employer can rarely refer to the consent therefore this is only exceptionally appropriate. Employers must have a different legal basis, and they are always obliged to comply with the principle of proportionality and process only the information strictly necessary. Regulation 2016/679 contains preventive measures to help reduce the risks of personal data protection breach. One of the measures is a data protection impact assessment, where employers are required to recognize and assess risks in advance. Employers should not, in practice, see this as an additional burden because this is determined in their favor to avoid breaches and penalties. The great novelty is also the appointment of an authorized data protection officer. Their function is to help, advise, supervise and care for the company to operate in accordance with laws and regulations in the field of personal data protection. As we have found the authorized person is not personally responsible for the company to operate in accordance with the data protection provisions, but the burden of proof is on the employer. The employer must provide the officer with adequate resources (time, money, premises) to carry out the tasks smoothly. Regulation 2016/679 is not a typical regulation because it leaves the Member States with a wide space to be filled with their own solutions in the field of personal data protection. For this reason, the countries had two years of time to adapt their legislation to the European framework, but Slovenia has not yet done so. The characteristic of the regulations is that they should be applied directly, meaning that the provisions of regulation 2016/679 are also applied to us, so companies are obliged to take account of them. In cases where the provisions of regulation 2016/679 are contrary to ZVOP-1, this means that in these cases ZVOP-1 may not be used, but the regulation should apply. In cases where provisions are not contrary to regulation 2016/679, the ZVOP-1 shall continue to apply until its repeal and the adoption of ZVOP-2. This creates legal uncertainty, as it is necessary in an individual case to compare the two legal acts in a concrete way and to apply regulation 2016/679 in the event of a conflict. This is particularly difficult in cases where the opposites are not quite clear and in cases where the individual provisions of regulation 2016/679 are written in general. Two draft law on personal data Protection (ZVOP-2) have been addressed to this date. Many errors and inconsistencies have been observed in the drafts, and certain areas are merely overwritten by regulation 2016/679. The first country to update its national legislation was Germany. It has done so within the prescribed time limit but has not been edited in a comprehensive manner due to lack of time for certain areas. We hope that Slovenia will adapt its legislation as soon as possible and that the new ZVOP-2 will comprehensively regulate this area, as is expected for the field of personal data protection.
Sekundarne ključne besede: Personal data;legal basis for processing personal data;employees' consent;data protection officer;data protection impact assessment;personal data protection breach;
URN: URN:SI:UM:
Vrsta dela (COBISS): Magistrsko delo/naloga
Komentar na gradivo: Univ. v Mariboru, Pravna fak.
Strani: 57 str.
ID: 11000853