CHALLENGES FACED BY SMALL AND MEDIUM-SIZED ENTERPRISES IN IMPLEMENTING THE GENERAL DATA PROTECTION REGULATION
DOI:
https://doi.org/10.25234/pv/23972
Keywords:
compliance, Croatian small and medium-sized enterprises, data protection supervisory authorities, General Data Protection Regulation, personal data protection
Abstract
The General Data Protection Regulation (EU) 2016/679, which has applied uniformly across the European Economic Area (EEA) since 25 May 2018, requires small and medium-sized enterprises to respect the right to personal data protection of their clients, customers and employees. The General Data Protection Regulation was designed to strengthen the right to data protection of all individuals within the EEA, while also facilitating the cross-border flow of personal data and encouraging the development of the digital economy. The General Data Protection Regulation has been fully applicable for more than four years, but it still poses a problem for Croatian small and medium-sized enterprises, which, unlike larger companies, very often lack the human and financial resources to comply with the data protection legal framework. This paper covers theoretical considerations and the results of an online survey conducted among 345 small and medium-sized enterprises in the Republic of Croatia, with the aim of gaining insight into the challenges they face in complying with the General Data Protection Regulation. The survey results showed that the understanding of the obligations arising from the General Data Protection Regulation and compliance with the data protection legal framework among Croatian small and medium-sized enterprises are not at a satisfactory level.
Copyright
Copyright (c) 2023 Anamarija Mladinić, Zdravko Vukić, Ante Rončević
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors retain copyright in articles published in the journal, but grant the journal the right of first publication. Papers accepted for publication or already published in Pravni vjesnik of the Faculty of Law in Osijek may be published by the author in other publications, with a note that the paper has already been published in Pravni vjesnik.