Risk Analysis and Data Protection Impact Assessment Conducted in the Public Sector

The European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC, introduced a new one, a proactive model of protection of personal data processed in the organization, based on a risk-based approach. It imposed some new obligations on the administrators, related to conducting analysis of the risk of violation of the rights and freedoms of the persons, whose data they process. Considering the scope, scale and categories of personal data processed, public sector entities face a huge challenge to meet the restrictions of the EU legislator. An additional difficulty is often a very extensive organizational structure, complicated processing processes, limited financial resources and unadjusted IT systems. The article discusses the issues of risk analysis and impact assessment for the protection of personal data processed in the public sector, in order to meet the requirements of the GDPR. The key issue in this respect is the adoption of an appropriate methodology in the risk estimation process, because properly carried out, it enables the implementation of security measures adequate to potential threats.

Download Full-text

RISK ANALYSIS AND DATA PROTECTION IMPACT ASSESSMENT CONDUCTED IN THE PUBLIC SECTOR

Ante Portas - Studia nad bezpieczeństwem ◽

10.33674/320194 ◽

2020 ◽

Vol 1(14)/2020 (1(14)/2020) ◽

pp. 45-57

Author(s):

Aleksandra OLENDER

Keyword(s):

Public Sector ◽

Risk Analysis ◽

Impact Assessment ◽

Risk Estimation ◽

Personal Data ◽

Security Measures ◽

The Public ◽

It Systems ◽

Council Regulation ◽

The Eu

The European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC introduced a new one, a proactive model of protection of personal data processed in the organization, based on a risk-based approach. It imposed on the administrators new obligations related to conducting analyzes of the risk of violation of the rights and freedoms of persons whose data they process. Considering the scope, scale and categories of personal data processed, public sector entities face a huge challenge to meet the restrictions of the EU legislator. An additional difficulty is often a very extensive organizational structure, complicated processing processes, limited financial resources and unadjusted IT systems. The article discusses issues of risk analysis and impact assessment for the protection of personal data processed in the public sector in order to meet the requirements of the GDPR. The key issue in this respect is the adoption of an appropriate methodology in the risk estimation process, because properly carried out it enables the implementation of security measures adequate to potential threats.

Download Full-text

Paving the Way to an Improved, Modern Management of Risk: The new European Commission's Better Regulation Strategy

European Journal of Risk Regulation ◽

10.1017/s1867299x00005213 ◽

2015 ◽

Vol 6 (4) ◽

pp. 649-651 ◽

Cited By ~ 1

Author(s):

Richard Meads ◽

Lorenzo Allio

Keyword(s):

Risk Analysis ◽

Impact Assessment ◽

Political Science ◽

Strategic Thinking ◽

Modern Management ◽

Better Regulation ◽

Regulatory Impact ◽

Recent Developments ◽

The Eu ◽

Management Of Risk

This section regularly examines Regulatory Impact Assessment (IA) at three levels: the EU, theMember States and internationally. Contributions aim to cover aspects such as the interface between IA and risk analysis, looking atmethodologies as well as legal and political science-related issues. Contributions are meant to report and critically assess recent developments in the field, develop strategic thinking, and make constructive recommendations for improving performance in IA processes.

Download Full-text

Trade Union Practices in the EU and Latvia: Experience for Eastern Partnership Countries

Baltic Journal of European Studies ◽

10.2478/bjes-2014-0018 ◽

2014 ◽

Vol 4 (2) ◽

pp. 99-118

Author(s):

Sergejs Stacenko ◽

Biruta Sloka

Keyword(s):

Public Sector ◽

Trade Union ◽

Trade Unions ◽

Industrial Relations ◽

Comparative Approach ◽

Eastern Partnership ◽

The Public ◽

Social Dialogue ◽

Eastern Partnership Countries ◽

The Eu

AbstractThe article will show major dimensions in the experience of EU Member States that could be shared with the Eastern Partnership (EaP) countries. The framework of the study is the EU concept of trade unions in social dialogue and social partnership in the public sector. This study outlines the concept of social dialogue as a core element of industrial relations and will focus on industrial relations specifically in the public sector. The authors have elaborated the approach to industrial relations and social dialogue taking into account comparative approach to definitions provided by international institutions such as ILO and OECD, as well as institutions in the EU and Latvia. Latvia is also a case study for Eastern Partnership countries as these countries and their trade unions are in a transition period from socialist structures to structures that possess liberal economies. Trade unions in these countries are members of the International Trade Union Confederation. The major transformation that trade unions underwent from being part of the socialist system and becoming an independent institution since Latvia regained independence in 1991 has been studied. The paper discusses the current developments related to the position of Latvian Free Trade Union Federation in the system of decision-making process related to the public administration management. Finally, the prospective role of trade unions in the EU and in Latvia is analysed and possible revitalisation of trade union is discussed. This approach could be applied to the Eastern Partners of the EU.

Download Full-text

The Impact of EURODAC in EU Migration Law: The Era of Crimmigration?

Market and Competition Law Review ◽

10.7559/mclawreview.2019.318 ◽

2019 ◽

Vol 3 (1) ◽

pp. 157-183 ◽

Cited By ~ 1

Author(s):

Benedita Menezes Queiroz

Keyword(s):

Law Enforcement ◽

Personal Data ◽

Public Security ◽

Security Measures ◽

Legal Regime ◽

Irregular Migrants ◽

Access To Data ◽

The Impact ◽

Migration Law ◽

The Eu

Counter-terrorism and public security measures have significantly altered EU immigration law. Under the premise that EU instruments which regulate EU immigration databases influence the legal regime of irregularity of migrants’ statuses, the present article argues that the latest developments in the area of data technology contribute to the phenomenon of “crimmigration”. This is so not only because they may generate a sort of “digital illegality” due to their impact on the categorisation of migrants, but also because they enable a conflation of treatment of irregularity, asylum seeking and criminality. This article focuses on the recent amendments and proposals for amendments to the EURODAC Regulation, a database that regulates the asylum fingerprint system in the EU. This is revealing of the ongoing broadening of the purpose of that data and law enforcement access to the collected information. The argument finds its basis in three main trends common to these databases: the erosion of the principle of purpose limitation, the widening of access to data by law enforcement authorities, and the digitalisation of borders through biometrics. Ultimately, this article claims that the level of surveillance of certain categories of migrants that may cross the borders of the EU puts at risk the distinction between illegally staying irregular migrants and criminals, given that the treatment of their personal data is insufficiently clear in practice.

Download Full-text

Personal data in the public sector:

The glass consumer ◽

10.2307/j.ctt9qgwhp.9 ◽

2018 ◽

pp. 133-154

Author(s):

Christine Bellamy ◽

Perri 6 ◽

Charles Raab

Keyword(s):

Public Sector ◽

Personal Data ◽

The Public

Download Full-text

Personal data in the public sector: reconciling necessary sharing with confidentiality?

The glass consumerLife in a surveillance society ◽

10.1332/policypress/9781861347350.003.0006 ◽

2005 ◽

pp. 133-154 ◽

Cited By ~ 1

Author(s):

Christine Bellamy ◽

Perri Six ◽

Charles Raab

Keyword(s):

Public Sector ◽

Personal Data ◽

The Public

Download Full-text

The Public Health Implications of Brexit: A Health Impact Assessment Approach

European Journal of Public Health ◽

10.1093/eurpub/ckz187.139 ◽

2019 ◽

Vol 29 (Supplement_4) ◽

Author(s):

L Green

Keyword(s):

Public Health ◽

Impact Assessment ◽

Health Impact Assessment ◽

Health Impact ◽

Complex Nature ◽

The Public ◽

Wide Range ◽

The Impact ◽

The Eu ◽

Public Bodies

Abstract On March 29th 2019, the United Kingdom (UK) was due to exit the EU in a process known informally as ’Brexit’. This exit and entry into a 2-year transition is a period of unprecedented political and social upheaval - with many unknowns and much uncertainty attached to the outcomes and future impact. In preparation for Brexit, Public Health Wales commissioned the Wales HIA Support Unit to carry out a health impact assessment of Brexit in Wales to support and inform its and other public bodies planning and future work. This paper examines the unique HIA carried out between July and December 2018 on the impact of the UK withdrawal from the EU in Wales. It discusses the robust, participatory process undertaken, the stakeholders involved and the benefits reaped from this. It highlights the evidence gathered and analysed including the collection methods, the complex nature of the work and disseminates the main findings from the HIA including the potential determinants of health and population groups identified. Finally, it describes the challenges faced, how these were overcome, and the huge benefits, impact and influence it has had to date across a wide range of UK and Welsh organisations and public bodies. This work demonstrates continued leadership in the field of impact assessment and spearheads the requirement for public bodies to carry out HIAs as part of the forthcoming statutory requirements of the Public Health (Wales) Act 2017 an can inform practice at a global level. Key messages HIA can inform and influence action in response to important strategic decisions. The Brexit HIA is a unique example which can inform international HIA practice.

Download Full-text

Key security measures for personal data protection in IT systems

2012 20th Telecommunications Forum (TELFOR) ◽

10.1109/telfor.2012.6419152 ◽

2012 ◽

Author(s):

Dejan Z. Jankovic

Keyword(s):

Data Protection ◽

Personal Data ◽

Security Measures ◽

Personal Data Protection ◽

It Systems

Download Full-text

New Approaches to Network and Information Security Regulation: The EU Telecoms Package

Computer Law Review International ◽

10.9785/ovs-cri-2010-43 ◽

2010 ◽

Vol 11 (2) ◽

Author(s):

Lukas Feiler

Keyword(s):

Risk Mitigation ◽

Fundamental Problem ◽

Personal Data ◽

Security Measures ◽

Electronic Communications ◽

Communications Networks ◽

Security Breaches ◽

National Regulatory Authority ◽

New Policies ◽

The Eu

AbstractThe ePrivacyDirective and the FrameworkDirective as amended by the EU Telecoms Package introduce, for the first time, obligations for providers of public communications networks and for providers of publicly available electronic communications services to notify certain personal data security breaches and certain network security breaches to subscribers, individuals concerned, and/or the competent national (regulatory) authority. This paper analyzes the conditions under which different types of security breaches will have to be notified and to whom this notification will have to be addressed. The paper will conclude with a riskbased assessment of these new security breach notification requirements, examining to what extent they not only allow users to take corrective security measures and regulators to make informed policy choices, but also to what extent the new policies address the fundamental problem of the misalignment of risk and risk mitigation capability.

Download Full-text

Regulatory Impact Assessment and Sustainable Development: Towards a Common Framework?

European Journal of Risk Regulation ◽

10.1017/s1867299x00000489 ◽

2010 ◽

Vol 1 (3) ◽

pp. 276-280 ◽

Cited By ~ 2

Author(s):

Klaus Jacob

Keyword(s):

Sustainable Development ◽

Risk Analysis ◽

Impact Assessment ◽

Political Science ◽

Strategic Thinking ◽

Regulatory Impact ◽

Recent Developments ◽

Common Framework ◽

The Eu ◽

Regulatory Impact Assessment

This section regularly examines Regulatory Impact Assessment (IA) at three levels: the EU, the Member States and internationally. Contributions aim to cover aspects such as the interface between IA and risk analysis, looking at methodologies as well as legal and political science-related issues. Contributions are meant to report and critically assess recent developments in the field, develop strategic thinking, and make constructive recommendations for improving performance in IA processes.

Download Full-text