
Položaj upravljavcev in obdelovalcev osebnih podatkov v kontekstu Splošne uredbe o varstvu podatkov
Pleško, Maša (Author), Bugarič, Bojan (Mentor)


Abstract
The master's thesis systematically examines the provisions of the GDPR and analyzes their impact on the position of controllers and processors of personal data. The first part defines, in accordance with the GDPR, the concept of »personal data« and the criteria by which entities involved in the processing of personal data are classified as controllers or processors of personal data. This is followed by a legal analysis of the basic principles that controllers and processors must respect when processing personal data, highlighting the principle of lawfulness, fairness and transparency, the principle of purpose limitation, the principle of data minimisation and the newly enacted principle of accountability. The thesis then examines which rights a data subject can exercise against controllers of personal data, with a more detailed analysis of the regulation of newly enacted rights such as the so-called right to be forgotten and the right to data portability. The central part presents the new obligations of controllers and processors of personal data, such as the obligations of data protection by design and by default, documentation of processing, notification of a personal data breach to the supervisory authority, preparation of impact assessments and designation of data protection officers. It also analyzes what sanctions controllers and processors of personal data may potentially face in the event of non-compliance with the GDPR. This part confirms the first hypothesis, that the GDPR has made the position of controllers and processors of personal data stricter, since achieving compliance with the GDPR requires of them an extensive audit and review of current practice, continuous monitoring of the risks of the processing actually carried out, the introduction of many mechanisms for the security of personal data, significant financial investment, and investment in the development and training of employees. The last part addresses the practical approach to implementing and carrying out these measures that the GDPR lays down, namely the risk-based approach.
In connection with this, the second hypothesis is confirmed, as this approach is shown to be appropriate for the field of ensuring the security of personal data, because it plays a key role in ensuring that the GDPR is technology-neutral legislation.

Language: Slovenian
Keywords: GDPR, controller, processor, principle of accountability, right to data portability, data protection officer, impact assessment, risk-based approach
Work type: Master's thesis/paper
Organization: PF - Faculty of Law
Year: 2018
PID: 20.500.12556/RUL-105844
COBISS.SI-ID: 16579409
Publication date in RUL: 20.12.2018

Secondary language

Language: English
Title: Data controller and data processor position in the context of General Data Protection Regulation
Abstract:
The present master's thesis presents crucial GDPR provisions, focusing on the analysis of their impact on the controllers and processors of personal data. In the first part of the master's thesis, the wide definition of »personal data« is explained and the criteria under which the subjects engaged in personal data processing are characterized as controllers or processors are presented. This is followed by a detailed analysis of the basic principles relating to processing of personal data, such as principles of lawfulness, fairness and transparency, purpose limitation, data minimization and accountability. Furthermore, it is analyzed which rights the data subjects have, and a detailed analysis of the newly enacted right to be forgotten and right to data portability is conducted. In the main part of the master's thesis, the newly enacted responsibilities of the controllers and processors are analyzed, such as the concept of data protection by design and by default, maintenance of the records of processing activities, notification of a personal data breach to the supervisory authority, data protection impact assessment and designation of the data protection officer. Moreover, it is examined what kind of fines the controllers and processors could be facing in case they are not compliant with GDPR. In connection to this, the first hypothesis is confirmed, as it is concluded that GDPR has severely impacted the controller’s and the processor’s situation, since compliance with GDPR demands an extensive revision and review of current practices, constant risk assessment, implementation of various measures for the safety of personal data, significant financial investment and further education of the employees. In the last part of the master's thesis, the practical risk-based approach to the implementation and execution of the mentioned GDPR provisions is presented.
In this regard, the second hypothesis is also confirmed, as it is concluded that the risk-based approach is appropriate for the protection of personal data, since it is the key factor in establishing GDPR as technology-neutral legislation.

Keywords: GDPR, data controller, data processor, accountability, right to data portability, data protection officer, data protection impact assessment, risk-based approach
