Impact Assessment in the General Data Protection Regulation: A Case Study

Postgraduate Thesis uoadl:2925352

Unit:
Electronic Automation track (E/A, with additional specialization in Informatics and information systems)
Library of the School of Science
Deposit date:
2020-10-19
Year:
2020
Author:
Theoulaki Charikleia
Supervisors info:
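Κωνσταντίνος Λιμνιώτης, External Lecturer, Department of Informatics and Telecommunications, National and Kapodistrian University of Athens
Διονύσης Ρεΐσης, Associate Professor, Department of Informatics and Telecommunications, National and Kapodistrian University of Athens
Άννα Τζανακάκη, Associate Professor, Department of Informatics and Telecommunications, National and Kapodistrian University of Athens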
Original Title:
Εκτίμηση Αντικτύπου στο Γενικό Κανονισμό Προστασίας των Δεδομένων: Μελέτη περίπτωσης
Languages:
Greek
Translated title:
Impact Assessment in the General Data Protection Regulation: A Case Study
Summary:
This dissertation examines in depth the innovative process of Data Protection Impact Assessment (DPIA), which the General Data Protection Regulation (EU) 2016/679 imposes under certain conditions. As a case study, it takes the processing of data collected through "myschool", the information system of the Ministry of Education and Religious Affairs, in order to define the methodology for conducting a Data Protection Impact Assessment on a real-world, large-scale and highly important case of personal data processing by a public body.
The ultimate goal of the study is to highlight the importance of Data Protection Impact Assessment, to clarify the way it should be implemented and to examine its feasibility in combination with modern risk management methods.
In particular, this research examines the current legal framework introduced by the GDPR and the requirements it sets. The DPIA and its conditional execution (carrying out a DPIA is not mandatory for every processing operation) are studied in depth, and the risk management process is analyzed as part of an impact assessment. Finally, the case study is carried out: an impact assessment of the processing performed by the "myschool" information system of the Ministry of Education, using the DPIA method of CNIL (the French Data Protection Authority). The methodology and the tool for the DPIA are also presented in detail. The research concludes with an evaluation of the remaining risks and a proposal of corrective measures.
Main subject category:
Science
Other subject categories:
Technology - Computer science
Keywords:
General Data Protection Regulation, data protection impact assessment, risk management, privacy, personal data
Index:
Yes
Number of index pages:
3
Contains images:
Yes
Number of references:
26
Number of pages:
81
File:
File access is restricted only to the intranet of UoA.

CharikleiaTheoulaki_HA_AM03511.pdf
3 MB