Title:Obvladovanje tveganj v gospodarski družbi z vidika varstva osebnih podatkov : magistrsko delo (Risk management in the company from the point of view of the protection of personal data : master's thesis)
Authors:Lep, Aljaž (Author)
Prostor, Jerneja (Mentor)
Lesjak, Benjamin (Co-mentor)
Files:.pdf MAG_Lep_Aljaz_2019.pdf (955,74 KB)
MD5: 9BF83ECE0394D5404A10FA4834E9EC0A
 
Language:Slovenian
Work type:Master's thesis/paper (mb22)
Typology:2.09 - Master's Thesis
Organization:PF - Faculty of Law
Abstract:The protection of personal data is a legal institution that is gaining in importance as information technology develops and, as a result, the spread of information becomes harder to control. The adoption of the General Regulation (General Data Protection Regulation) has meant that organisations must re-examine their arrangements for protecting personal data and devote more attention to them than before. Personal data protection legislation imposes certain obligations on all organisations, and most of the obligations introduced by the new General Regulation already existed before its adoption. The master's thesis addresses the obligations and activities that private-sector organisations must put in order to successfully avoid the risks that non-compliance with legislation in this field brings. The emphasis is on preparing the documentation that organisations must adopt or put in order, and on the activities and measures that must be carried out in practice. Most of the novelties introduced by the General Regulation are presented, such as: the data protection officer, the record of processing activities, the personal data protection policy, and the obligation to officially notify breaches (the obligation to self-report). In Slovenia, because the new sectoral Personal Data Protection Act (hereinafter: ZVOP-2) has not been adopted, a "legal vacuum" has arisen, which raises doubt as to whether the Information Commissioner, as the supervisory authority, has adequate powers at all to sanction non-compliance with the provisions of the General Regulation. For the time being, sanctions for violations are still imposed under the existing Personal Data Protection Act (hereinafter: ZVOP-1), although the supervisory authority also has certain powers under the General Regulation. The sectoral act ZVOP-1, or the forthcoming ZVOP-2, must by no means be neglected, since the provisions of ZVOP-1 still apply to those areas that the General Regulation does not regulate or that the sectoral act may regulate differently.
Thus the future ZVOP-2 will also regulate certain matters that the General Regulation does not regulate, including video surveillance and direct marketing, both of which are very common practices in most organisations. In many EU Member States, supervisory authorities have already imposed sanctions for violations of the provisions of the General Regulation. The most common violations are mainly deficiencies in securing personal data, (insufficient) information security, and unauthorised viewing of data. As expected, the highest sanctions were imposed on multinational organisations, but neither medium-sized nor small companies, which keep data on only a few hundred customers in their systems, are immune to the risks they face in the field of personal data protection. Compliance with applicable personal data protection legislation undoubtedly helps to limit possible risks, and at the same time increases the organisation's reputation in the eyes of individuals, competitors and other entities.
Keywords:personal data protection, General Regulation (GDPR), documentation, ZVOP-1, ZVOP-2, security incident, self-reporting, liability for violations.
Year of publishing:2019
Place of performance:[Maribor
Publisher:A. Lep]
Number of pages:IV, 75 pp.
Source:Maribor
UDC:342.721(043.3)
COBISS_ID:5822763
NUK URN:URN:SI:UM:DK:QHPEI4TQ
Views:425
Downloads:97
Categories:PF
Licences

License:CC BY-NC-ND 4.0, Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Link:http://creativecommons.org/licenses/by-nc-nd/4.0/
Description:The most restrictive Creative Commons license. This only allows people to download and share the work for no commercial gain and for no other purposes.
Licensing start date:25.09.2019

Secondary language

Language:English
Title:Risk management in the company from the point of view of the protection of personal data
Abstract:The protection of personal data is a legal institution that has been gaining in importance as information technology develops and control over the spread of information consequently becomes more difficult. The adoption of the General Regulation (General Data Protection Regulation) means that organizations have to re-examine their arrangements for personal data protection and give them more attention than before. Personal data protection legislation imposes certain obligations on all organizations, and most of these obligations already existed before the General Regulation was adopted. The master's thesis examines the obligations and activities that private-sector organizations have to put in order to successfully avoid the risks of violating legislation in this area. The emphasis is on preparing the documentation that organizations have to adopt or put in order, and on the activities and measures that have to be carried out in practice. Most of the novelties of the General Regulation are presented, such as the data protection officer, the record of processing activities, the personal data protection policy, and the obligation to officially notify violations (the obligation to self-report). In Slovenia there is a "legal void" because the new national Personal Data Protection Act (hereinafter: ZVOP-2) has not been passed. This raises doubt as to whether the Information Commissioner, as the supervisory body, even has the appropriate powers to sanction violations of the provisions of the General Regulation. For now, sanctions for violations are still imposed under the existing Personal Data Protection Act (hereinafter: ZVOP-1). However, the supervisory body also has certain powers under the General Regulation.
The national act ZVOP-1, or the forthcoming ZVOP-2, cannot be neglected, because the provisions of ZVOP-1 still apply to the areas that the General Regulation does not regulate or that the national act may regulate differently. The future ZVOP-2 will therefore also regulate specific matters that the General Regulation does not cover, among them video surveillance and direct marketing, both of which are very frequent practices in most organizations. In numerous Member States of the European Union, supervisory bodies have already imposed sanctions for violations of the provisions of the General Regulation. The most frequent violations have been deficiencies in securing personal data, (insufficient) information security, and unauthorized viewing of data. Multinational organizations have, as expected, received the highest sanctions for violations. However, not even medium-sized and small companies, which store data about only a couple of hundred customers, are immune to risks in the area of personal data protection. Compliance with the valid legislation in the area of personal data protection helps to limit possible risks. At the same time, it increases the reputation of the company in the eyes of individuals, competitors, and other subjects.
Keywords:protection of personal data, General Data Protection Regulation (GDPR), documentation, ZVOP-1, ZVOP-2, data breach, self-report, responsibility for violations.