Práva a povinnosti zaměstnavatele jako správce osobních údajů / Rights and obligations of the employer as a data controller

Trinerová, Eliška

January 2019

This diploma thesis deals with the topic of personal data protection, and focuses particularly on the duties of the data controller, which also largely apply to the employer as the controller of the personal data of the employees. The diploma thesis builds primarily on the legal regulation of personal data protection contained in GDPR, while in some sections, a comparison with the previously effective personal data protection legislation is included. The objective of this diploma thesis is to provide a comprehensive overview of fundamental personal data protection institutes from the data controller's point of view with a focus on the analysis of some of the obligations which has been newly introduced by GDPR. The diploma thesis is divided into four chapters, which are further divided into a relatively high number of subchapters. The first chapter contains a historical overview of legislation on personal data protection at the international and European (European Union) level as well as national levels. The second chapter defines the fundamental terms related to personal data protection which are used in GDPR, such as personal data, data subject, data controller and processor, recipient of the personal data or personal data processing. The third chapter discusses the fundamental principles relating...

Zpracování osobních údajů v souvislosti se zaměstnáním a jejich ochrana / Data processing and data protection in connection with employment

Smotlachová, Jana

January 2019

97 Data processing and data protection in connection with employment Abstract This work is dedicated to issues concerning data processing in connection with employment. Given the extensiveness of this topic, this thesis focuses primarily on the processing of personal data prior to the establishment of an employment relationship. The main area of study is the job applicants' data processing in different model situations. The aim of this thesis is to establish a solution for how to process candidates' personal data in order to comply with the General Data Protection Regulation. The goal is accomplished by applying the General Data Protection Regulation to particular model situations. This work is divided into three chapters. Chapter 1 deals with the history of the data protection law and presents differences between the right to data protection and the right to privacy. It also discusses the current legal regulations in the General Data Protection Regulation and the Czech Data Processing Act and gives reasons for adoption of such legislation. Chapter 2 concentrates primarily on the key terminology of the data protection laws. This chapter consists of sub-chapters according to the terms discussed, namely personal data, data subject, data processing, controller and processor. Related issues from the General...

Vybrané problémy technologické realizace evropské ochrany osobních údajů / Selected issues in technological realization of European data protection

Kubica, Jan

January 2019

This thesis focuses on the legal regulation of selected aspects of the personal data protection at the European level. Fuelled by the technological progress, this area of legal regulation is becoming increasingly important, as the usage of personal data can be source of both innovation and economic progress, but it also has the potential to negatively impact individuals` rights ("chilling effect"). The thesis analyses the usage of big data and automated individual decision making; both phenomena are assessed through principles contained in GDPR. The aim of the thesis is to, as far as these two phenomena are concerned, evaluate functionality and perspectives of the European regulation. The thesis is, apart from the introduction and the conclusion, divided into three chapters. The first part briefly introduces the concept of the right to the protection of personal data and the fundamental legal framework of the European regulation. This chapter is followed by a chapter focused on the big data, in which, after a necessary technical introduction is made, current practices of data controllers are contrasted with corresponding principles of data protection regulation. Particular attention is also paid to the pitfalls of anonymization. At the end of this chapter, it is concluded that all relevant...

Svenskarnas bild av GDPR : En kvantitativ undersökning om allmänhetens kunskap och åsikter om den nya dataskyddsförordningen

Hölzer, Markus, Eklund, Alexander

January 2019

Det har gått ungefär ett år sedan dataskyddsförordningen (GDPR) infördes i Sverige och EU och med den har det kommit flera olika rättigheter för att försöka få konsumenterna att känna sig tryggare och få bättre kontroll över sina personuppgifter. Med GDPR kommer ett antal rättigheter som kan vara viktigt för konsumenter att känna till och använda sig av för att få ut det mesta av GDPR. Då tekniken utvecklas väldigt snabbt så är denna förordning viktig för att försöka hänga med i denna utveckling, men vad tycker konsumenterna om den nya förordningen och de regler som medföljer? Denna uppsats har haft som syfte att ta reda på just vad konsumenterna tycker om denna nya förordning och om de tycker den är bra eller om det finns något som kan bli bättre. Författarna har använt sig utav en enkätundersökning där enkäten har skickats ut för att samla in data, med data menas till exempel hur de uppskattar sin kunskap om GDPR, var de fått informationen om GDPR ifrån, och om de tycker att den nya förordningen är bra eller om det finns några brister. Det finns också ett antal artiklar som respondenterna har uppskattat hur viktig den är för dem och om de använt den någon gång. Detta är alltså en kvantitativ undersökning som haft som syfte att ta reda på vad konsumenterna tycker om GDPR eller om de anser att det finns förbättringspotential. Det har sedan undersökts om det finns någon skillnad mellan åldersgrupper, sysselsättning och kön. Det har visat sig att de allra flesta tycker GDPR är bra men att den skulle kunna vara lättare att förstå. Det är dock inte fler än ungefär 50% som känner sig säkra på vad GDPR innebär för dem som konsumenter och har därför inte så stor koll på vad de har för rättigheter. Det är alltså något som kan behöva jobbas mer på, att få ut mer kunskap om GDPR till konsumenterna.

GDPR

Dataskyddsförordningen

dataskydd

attityd

kunskap

konsument

Information Systems, Social aspects

Öppna myndighetsdata och personlig integritet : Hur geografiska aggregeringar bevarar personlig integritet och användbarhet i öppna data

Älvgren, Ebba

January 2019

Denna studie undersöker hur myndigheter kan öppna upp data som innehåller personuppgifter genom att geografiskt aggregera datamaterial för att bevara personlig integritet. Personlig integritet definieras i denna kontext i enlighet med dataskyddsförordningen som skyddet av personuppgifter. De aggregeringar som utreddes är de arealbaserade svenska områdena SAMS, DESO och Kommuner. Även Bespoke-neighborhood-metoden k-närmaste granne utvärderades i ett spann som gick från 5 till 1280 individer. En metod skapades för att kvantifiera hur identifierbara individer är utifrån sannolikheten att uppskatta att en personuppgift tillhör en individ. Användbarheten av datamaterialet operationaliserades som hur nära rådata det var i geografisk detaljnivå. Resultatet blev att metoden ”aggregeringar av k-närmaste granne” är den mest anpassningsbara och användbara metoden för att bevara personlig integritet och användbarhet när data aggregeras.

Open data

OGD

personal integrity

spatial aggregations

spatial ethics

GDPR

Human Geography

Kulturgeografi

How do B2B companies approach CRM and the management of customer data in today’s era of social media and GDPR? : A Multiple Case Study

Degerman, Isabel, Eckerbom, Johanna, Gu, Hong

January 2019

This multiple case study focuses on the customer relationship management (CRM) processes and the management of customer data within two international business-to-business (B2B) companies based in the southern parts of Sweden.  This study explores and compares these companies’ approaches to CRM in today’s era of social media and the General Data Protection Regulation (GDPR). A qualitative research method in the form of 12 semi-structured interviews were conducted and later analyzed through coding using grounded theory.   The findings of this study show that the companies studied work in both different and similar ways when it comes to CRM, with one having recently implemented a new CRM system while the other relies on their enterprise resource (ERP) system for the same purposes. Neither company are proactively using social media and although both companies have taken action to adapt to the new rules set by the GDPR, neither seem to know exactly how it works. Through its theoretical-, managerial-, as well as social policy implications, this study contributes to the existing research on CRM in a B2B context by providing a contemporary perspective which takes into account the influence of social media and the GDPR.

Relationship marketing

CRM

CRM systems

Social media

Social CRM

GDPR

Customer data

Business Administration

Företagsekonomi

Towards Improving Transparency, Intervenability, and Consent in HCI

Karegar, Farzaneh

January 2018

Transparency of personal data processing is enforced by most Western privacy laws, including the new General Data Protection Regulation (GDPR) which will be effective from May 2018. The GDPR specifies that personal data shall be processed lawfully, fairly, and in a transparent manner. It strengthens people's rights for both ex-ante and ex-post transparency and intervenability. Equally important is the strict legal requirements for informed consent established by the GDPR. On the other hand, the legal privacy principles have Human-Computer Interaction (HCI) implications. People should comprehend the principles, be aware of when the principles may be used, and be able to use them. Transparent information about personal data processing should be concise, intelligible, and provided in an easily accessible form, pursuant to the GDPR. Nonetheless, the answer to the question about how HCI implications can be addressed depends on the attempts to decrease the gap between legal and user-centric transparency, intervenability, and consent. Enhancing individuals' control in a usable way helps people to be aware of the flow of their personal information, control their data, make informed decisions, and finally preserve their privacy. The objective of this thesis is to propose usable tools and solutions, to enhance people's control and enforce legal privacy principles, especially transparency, intervenability, and informed consent. To achieve the goal of the thesis, different ways to improve ex-ante transparency and informed consent are investigated by designing and testing new solutions to make effective consent forms. Moreover, ex-post transparency and intervenability are improved by designing a transparency enhancing tool and investigating users' perceptions of data portability and transparency in the tool. The results of this thesis contribute to the body of knowledge by mapping legal privacy principles to HCI solutions, unveiling HCI problems and answers when aiming for legal compliance, and proposing effective designs to obtain informed consent. / The new General Data Protection Regulation (GDPR) strengthens people’s rights for transparency, intervenability, and consent. The legal privacy principles have Human-Computer Interaction (HCI) implications. Besides aiming for legal compliance, it is of paramount importance to investigate how to provide individuals with usable and user-centric transparency, intervenability, and consent. The objective of this thesis is to propose usable tools and solutions, to enhance people's control and enforce legal privacy principles, especially transparency, intervenability, and informed consent. To achieve the goal of the thesis, different ways to improve ex-ante transparency and informed consent are investigated by designing and testing new solutions to make effective consent forms. Moreover, ex-post transparency and intervenability are improved by designing a transparency enhancing tool and investigating users' perceptions of data portability and transparency in the tool. The results of this thesis contribute to the body of knowledge by mapping legal privacy principles to HCI solutions, unveiling HCI problems and answers when aiming for legal compliance, and proposing effective designs to obtain informed consent. / <p>The 3. article was in manuscript form at the time of the licentiate defense: Karegar, F. / User Evaluations of an App Interface for Cloud-based Identity Management / / Manuskript (preprint)</p>

GDPR

Informed Consent

Intervenability

Transparency

Usable Privacy

Computer Sciences

Datavetenskap (datalogi)

Profilering på webben : En studie om internetanvändares inställning till datainsamling / Profiling on the web : A Study on internet users attitude towards data collection.

Anderberg, Sebastian, Fernström, Johan

January 2018

Data collection is a topic that affects every person that uses various Internet services and has been a current topic the past year among individuals and the actors that collects data. It concerns actors collecting and storing personal data from users that either have or have no knowledge about it. The Cambridge Analytica-scandal which affected over 50 million users on Facebook initiated a discussion which concerns if data collection is right or wrong, but also how actors handle personal data and how it affects the integrity. With the enforcement of General Data Protection Regulation GDPR the 25th of May which will affect actors involved with data collection or usage. The regulation is about how actors can store data and use it. The regulation will also provide users the right to demand to be removed from actor’s databases. There has been some research on opinions among users concerning data collection, but not how they can be different with the knowledge of GDPR. So how is the attitude towards data collection among internet users? Do internet users apply services to prevent data collection? Do they even know about GDPR? A survey was performed to answer these questions and where the answers were put together in the form of statistic data. The purpose of this pre-study is to examine what the attitude is towards data collection. The study also examines how technical knowledge, age and knowledge about GDPR can be related to answers given in the survey. Based on the empirical data and identified relations between measurable variables the study’s conclusions can be made: The attitude to data collection is significant between users who have knowledge about GDPR and those how don´t have. Another conclusion is that the attitude varies between ages, internet habit and which actors who provides the data.

GDPR

dataskyddsförordningen

integritet

spårbarhet

profilering

informationssäkerhet

e-handel

Information Systems

Välfärdsteknik för människor med kognitiva funktionsnedsättningar : I ljuset av skyddet för den personliga integriteten / Using welfare technology on people with mental impairments : In the light of the protection of personal integrity

Stenberg, Amalia

January 2018

No description available.

Konstitutionell rätt

välfärdsteknik

Internet of Things

GDPR

personlig integritet

kognitiva funktionsnedsättningar

Law

Juridik

A case study on managing customer data to comply with GDPR

Hossain, Shahriar

January 2019

Abstract This bachelor thesis paper presents a case study on the technical actions undertaken by a company in order to manage its customers’ personal information in compliance to GDPR (General data protection regulation), a law that was introduced on the 25th May of 2018. GDPR imposes strict responsibilities on the companies dealing with personal information. Therefore, companies located in EU or handling personal information of EU citizen have to review and update their information handling process to comply according to the law. Companies failing to comply with GDPR can be subject to heavy penalty. This paper presents an in-depth picture of how a small company which is quite reliant on data processing adapts itself to the GDPR era when handling their customer’s personal data. The Order Department and the Technical Department within the case company, where most of the customer’s personal information is handled, were studied for this thesis. In conclusion, this case study identified seven different measures that the company undertook to comply with GDPR including periodical deletion of email letters, using separate email addresses for company internal messages, and tight restrictions on who can access what data. Moreover, two major challenges were identified: time and legacy. Time, because a small sized company cannot set off one staff to deal with everything related to GDPR but instead everyone has to take this regulation into consideration. The second challenge is legacy, because data routines before the GDPR were not strict.

GDPR

Personal data

Data protection

Information system

Computer and Information Sciences

Data- och informationsvetenskap