Analysis of personal data protection methods according to Ukrainian legislation and the GDPR

2021 ◽  
Vol 3 (2) ◽  
pp. 51-57
Author(s):  
M. M. Shabatura ◽  
R. O. Salashnyk ◽  

The problem of the rapid development of modern technologies is shown and characterized, which makes the issue of protecting Internet users' personal data very urgent. The current state of personal data protection in accordance with the requirements of Ukrainian legislation and the General Data Protection Regulation (GDPR) is analyzed. It is also determined which data belong to personal data and why they are subject to protection. According to the Ukrainian Laws "On Access to Public Information", "On Personal Data Protection" and "About information protection in information and telecommunication systems", the methods of personal data protection and the peculiarities of information processing, storage, and transfer were found. Personal data is a kind of restricted-access information, so it should be processed only in systems that have a comprehensive information security system possessing a certificate of conformity. Ukraine was one of the first countries to introduce an electronic passport, so we considered the "DIIA" application. This application contains a huge database of personal data, which is why we investigate it, and many interesting facts about its development are presented. The Code of Ukraine on Administrative Offenses and the Criminal Code of Ukraine for violation of requirements and non-compliance with the law on personal data protection in Ukraine are analyzed; penalties are also described. The requirements for personal data protection according to the European standard GDPR, namely, the procedure of pseudonymization, annihilation, encryption, etc. are given. A set of technical solutions and cybersecurity tools for implementing compliance with the GDPR standards is considered. In addition to technical solutions, security organization measures are important issues; these include staff training, adding privacy policies, proper organization of processes, and providing access to personal data only to authorized employees. The penalty for violating the GDPR requirements has been clarified. Every country in the world is trying to ensure the protection of the personal data of its citizens at the legislative level by creating laws, regulations, and orders. It is emphasized that an important factor is to raise the awareness of citizens, who often ignore the problems associated with the protection of their personal data, including due to a lack of understanding of legal standards and requirements in this area.
Keywords: personal data; processing; "DIIA"; protection; GDPR.

Atlanti ◽  
2018 ◽  
Vol 28 (2) ◽  
pp. 61-70
Author(s):  
Maryna Paliienko

The article is devoted to the analysis of the General Data Protection Regulation, which came into force on May 25, 2018, on the territory of the member states of the European Union, in comparison with the legislation on personal data that operates in Ukraine. The following basic concepts such as “personal data”, “personal data bases”, “information protection”, “the right to access to information”, “the right to erasure” are considered. Special attention is paid to the activities of archives in collecting, processing, storing and providing access to documents that contain personal information. The Laws of Ukraine “On Information”, “On Protection of Personal Data”, “On Access to Public Information”, “On the National Archival Fond and Archival Institutions” are analyzed. It has been pointed out that the GDPR has very important value for European socio-political and economic life, for working out data protection standards and a new international privacy protection framework.


Author(s):  
Ella Gorian

The object of this research is the legal relations that emerge in the context of implementation of measures for ensuring cybersecurity. Characteristic is given to the provisions of the normative legal acts of Thailand in the sphere of cybersecurity. The article author explores the peculiarities of such policy and regulatory documents as Thai National Cybersecurity Strategy for 2017–2021, Policy and Plan for National Security (2019–2022), Cyber Crime Act of 2007 (revised in 2017), Criminal Code of 1956 (revised in 2019), Personal Data Protection Act of 2017, and Cybersecurity Act of 2019. The author reveals the peculiarities of normative legal mechanism for ensuring cyberspace security in Thailand. In its policy documents, Thailand does not determine the major information threats in domestic and foreign spheres or the priorities in the development of cybersecurity system, but rather outlines the range of national interests and sets the tasks that may propel it to the regional leadership. The laws are elaborated with consideration of the latest trends in the sphere of information technologies, and include in the scope of regulation such questions as the protection of personal data, computer and information systems, and critical information infrastructure. The vertical framework of state administration and monitoring, as well as the range of powers of the competent bodies are established on the legislative level. In the sphere of protection of personal data, Thai legislation extensively duplicates the provisions of the General Data Protection Regulation of the European Union. A distinctive feature of the normative legal acts consists in legal substantiation of restriction of human rights and freedoms in the context of implementation of such provisions.


2017 ◽  
Vol 2017 (1) ◽  
pp. 35-44
Author(s):  
Dawid Zadura

In the review below the author presents a general overview of the selected contemporary legal issues related to the present growth of the aviation industry and the development of aviation technologies. The review is focused on the questions at the intersection of aviation law and personal data protection law. Massive processing of passenger data (Passenger Name Record, PNR) in IT systems is a daily activity for the contemporary aviation industry. Simultaneously, since the mid-1990s we can observe the rapid growth of personal data protection law as a very new branch of the law. The importance of this new branch of the law for the aviation industry is however still questionable and unclear. This article includes the summary of the author’s own research conducted between 2011 and 2017, in particular his audits in LOT Polish Airlines (June 2011-April 2013) and Lublin Airport (July - September 2013) and the author’s analyses of public information shared by International Civil Aviation Organization (ICAO), International Air Transport Association (IATA), Association of European Airlines (AEA), Civil Aviation Authority (ULC) and (GIODO). The purpose of the author’s research was to determine the applicability of the implementation of technical and organizational measures established by personal data protection law in aviation industry entities.


2021 ◽  
Vol 13 (3) ◽  
pp. 66
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.


2021 ◽  
Author(s):  
Mirna El Ghosh ◽  
Habib Abdulrab

The primary goal of the General Data Protection Regulation (GDPR) is to regulate the rights and duties of citizens and organizations over personal data protection. Implementing the GDPR is recently gaining much importance for legal reasoning and compliance checking purposes. In this work, we aim to capture the basics of GDPR in a well-founded legal domain modular ontology named OPPD (Ontology for the Protection of Personal Data). Ontology-Driven Conceptual Modeling (ODCM), ontology layering, modularization, and reuse processes are applied. These processes aim to support the ontology engineer in overcoming the complexity of the legal knowledge and developing an ontology model faithful to reality. ODCM is used for grounding OPPD in the Unified Foundational Ontology (UFO). Ontology modularization and layering aim to simplify the ontology building process. Ontology reuse focuses on selecting and reusing Conceptual Ontology Patterns (COPs) from UFO and the legal core ontology UFO-L. OPPD intends to overcome the lack of a representation of legal procedures that most ontologies encountered. The potential use of OPPD is proposed to formalize the GDPR rules by combining ontological reasoning and Logic Programming.


Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.


2020 ◽  
Vol 28 (4) ◽  
pp. 531-553 ◽  
Author(s):  
Aggeliki Tsohou ◽  
Emmanouil Magkos ◽  
Haralambos Mouratidis ◽  
George Chrysoloras ◽  
Luca Piras ◽  
...  

Purpose: General data protection regulation (GDPR) entered into force in May 2018 for enhancing personal data protection. Even though GDPR leads toward many advantages for the data subjects it turned out to be a significant challenge. Organizations need to implement long and complex changes to become GDPR compliant. Data subjects are empowered with new rights, which, however, they need to become aware of. GDPR compliance is a challenging matter for the relevant stakeholders and calls for a software platform that can support their needs. The aim of data governance for supporting GDPR (DEFeND) EU project is to deliver such a platform. The purpose of this paper is to describe the process, within the DEFeND EU project, for eliciting and analyzing requirements for such a complex platform.

Design/methodology/approach: The platform needs to satisfy legal and privacy requirements and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, the authors describe the methodology for eliciting and analyzing requirements for such a complex platform, by analyzing data attained by stakeholders from different sectors.

Findings: The findings provide the process for the DEFeND platform requirements’ elicitation and an indicative sample of those. The authors also describe the implementation of a secondary process for consolidating the elicited requirements into a consistent set of platform requirements.

Practical implications: The proposed software engineering methodology and data collection tools (i.e. questionnaires) are expected to have a significant impact for software engineers in academia and industry.

Social implications: It is reported repeatedly that data controllers face difficulties in complying with the GDPR. The study aims to offer mechanisms and tools that can assist organizations to comply with the GDPR, thus, offering a significant boost toward the European personal data protection objectives.

Originality/value: This is the first paper, according to the best of the authors’ knowledge, to provide software requirements for a GDPR compliance platform, including multiple perspectives.


Author(s):  
Dewa Gede Sudika Mangku ◽  
Ni Putu Rai Yuliartini ◽  
I. Nengah Suastika ◽  
I. Gusti Made Arya Suta Wirawan

The emergence and rapid development of information and communication technology has brought about various opportunities and challenges. One of them is the active interaction between individuals and the digital-based information service providers. In modern economic development, related information including personal data or also known as digital dossier—the collection of large amounts of an individual’s information using digital technology—are valuable assets due to their high economic value since they are widely utilized by businesses. In this regard and due to the increasing number of cellphone and internet users, there is a need to study the issues on the importance of protecting one’s personal data. In Indonesia, there is no specific regulation regarding the protection of personal data. Therefore, it is essential to come up with specific and comprehensive legislation related to personal data protection as legal basis for better implementation of personal data protection in Indonesia in the future. The purpose of this research is to find out and analyze the current policies on protection of personal data of internet users in Indonesia. This study uses a normative juridical method with a statutory approach and utilizes literature study. The result shows that the concept of personal data protection implies that individuals have the right to determine whether one will join an online community, share or exchange personal data with another, and the conditions that must be met in order to do so. The study likewise found that the threat of personal data leakage is increasingly occurring because of the development of the e-commerce sector in Indonesia.


Atlanti ◽  
2018 ◽  
Vol 28 (2) ◽  
pp. 91-98
Author(s):  
Svetlana Usprcova

The aim of this paper is to explain the position of the State Archives of the Republic of Macedonia as guardian of the archival material, which is a subject of use for scientific, academic, administrative, public, publishing, exhibition and other purposes. In the process of use of the archival material, the archivists must be very careful in order to protect confidential, sensitive, legal and other information contained in the archival material, and take some measures in relation to the personal data protection. Herein, the author also talks about the current Law on personal data protection and the harmonisation of the national law with the European legislation.


2021 ◽  
Vol 273 ◽  
pp. 08099
Author(s):  
Mikhail Smolenskiy ◽  
Nikolay Levshin

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU’s citizens around the world. Misusing or carelessly handling personal data brings fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. Authors considered and analyzed results of personal data protection measures in nineteen regions: The USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of others. This allowed identifying a direct pattern between the global tightening of EU’s citizens personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.

