Operational impact of the new General Data Protection Regulation 2016/679 (GDPR)
Keywords
Data protection; General Data Protection Regulation (GDPR); Legal framework

Abstract
The present work was carried out as the master's dissertation of the postgraduate program "Techno-economic Management & Security of Digital Systems" of the Department of Digital Systems of the University of Piraeus. The dissertation title is: "Operational impact of the new General Data Protection Regulation 2016/679 (GDPR)". A European Regulation is a legal act of the European Union that is binding in its entirety and directly applicable in all Member States of the European Union. The GDPR concerns the protection of individuals with regard to the processing of personal data and the free movement of such data, and is intended to replace Directive 95/46/EC of the European Parliament (24/10/1995) "on the protection of individuals with regard to the processing of personal data and the free movement of such data". The GDPR has some features of a Directive insofar as it allows Member States to regulate national situations in certain cases, e.g. the minimum age of consent for minors (set at 15 in the Greek draft law, which has been put to consultation, and at 13 in the corresponding Cypriot law, which will be published shortly). The GDPR was adopted on April 27th, 2016 and will be enforced on May 25th, 2018. Businesses and organizations will have to comply by the regulation's date of application. In this work, a step-by-step practical guide was developed to help an organization comply with the new regulation. The methodology used to structure the practical guide, and the guide itself, are described here. More specifically, the first chapter gives a brief overview of the content of the GDPR. It presents the legal framework that sets the rules for all the parties involved and analyzes their responsibilities, rights and obligations. The second chapter presents the practical part of this work, which includes the methodology for creating the guide and its representation. The stages that led to the final form of the guide, and the tools that were created, are analyzed in detail. The third chapter presents the six-step guide that leads a company or organization to compliance with the regulation. It sets out, step by step, the path of implementation from the organization's initial status to the maximum possible compliance. The fourth and last chapter presents the conclusions drawn from the experience of creating and testing the guide. Its strengths and weaknesses, as well as suggestions for future improvement, are mentioned.