GR Semicolon EN

Show simple item record

dc.contributor.author
Dima, Thaleia
en
dc.date.accessioned
2021-09-13T10:10:43Z
dc.date.issued
2021-09-13
dc.identifier.uri
https://repository.ihu.edu.gr//xmlui/handle/11544/29823
dc.rights
Default License
dc.subject
GDPR
en
dc.subject
Personal data
en
dc.title
Studying the lifecycle of personal data in a Greek company
en
heal.type
masterThesis
en_US
heal.generalDescription
This master’s thesis examines how organizations and companies (either small or large) can find and precisely define the possible areas, which need to be improved concerning the data protection regulation needs and guidelines. According to previous literature reviews, there are key areas of importance for every company in order to comply with the data protection regulation. These key areas are the data awareness, the categories of the entered and stored data, the data subject’s rights and the lawfulness of the data processing. Terms and principles such as the data protection by design and by default, the appointment of a Data Protection Officer or the direct hire of a lead, who will be aware of the data protection regulation, are also reported. The case study includes also terms and processes about the data processing agreements and the data subject’s consent in general
en
heal.dateAvailable
2022-03-12T22:00:00Z
heal.language
en
en_US
heal.access
embargo
heal.license
http://creativecommons.org/licenses/by-nc/4.0
en_US
heal.recordProvider
School of Science and Technology, MSc in e-Business and Digital Marketing
en_US
heal.publicationDate
2021-05-20
heal.abstract
This dissertation was written as a part of the MSc in e-business and Digital Marketing at the International Hellenic University. The new General Data Protection Regulation (GDPR) of the European Union enforced on 25th of May 2018. The GDPR is a set of legal rules about know companies should process the personal data of the EU citizens. Every organization, which operates within the EU and processes personal data of the EU citizens, must be compliant with this data protection regulation. Moreover, every organization, which operates within the European Union, should meet the data protection regulations requirements. The main goal of this regulation is to protect and strengthen the individuals’ rights to take control over their own data. The GDPR theory mainly sets out six fundamental privacy principles and the rights of data subjects. This master’s thesis examines how organizations and companies (either small or large) can find and precisely define the possible areas, which need to be improved concerning the data protection regulation needs and guidelines. According to previous literature reviews, there are key areas of importance for every company in order to comply with the data protection regulation. These key areas are the data awareness, the categories of the entered and stored data, the data subject’s rights and the lawfulness of the data processing. Terms and principles such as the data protection by design and by default, the appointment of a Data Protection Officer or the direct hire of a lead, who will be aware of the data protection regulation, are also reported. The case study includes also terms and processes about the data processing agreements and the data subject’s consent in general. Using the data of a small company and more specifically LAKY’s data, which is primarily a data processor and then the data controller, a case study was conducted. The assigner business for the research study is situated in Arta, a small city of Greece and the core activity of this company is to provide high quality pet food. The GDPR compliance assessment was done after conducting the data documentation, an internal audit and interviews with company’s experts. Based on the overall GDPR requirements, a beneficial tool for GDPR assessment was applied. Comparing four and different GDPR self assessment tools, the most beneficial tool was selected. This tool is developed and proposed by the UK’s Information Commissioner’s Office, the UK’s independent data protection authority. After using the self-assessment tool proposed by the UK’s ICO, areas of improvement were found, and further suggestions were also made. The main areas, which the case company should improve, were information security and data protection policies, DPIA, DPO and general management of data protection.
en
heal.advisorName
Karapiperis, Dimitris
en
heal.committeeMemberName
Karapiperis, Dimitris
en
heal.committeeMemberName
Komnios, Komninos
en
heal.committeeMemberName
Laspita, Stavroula
en
heal.academicPublisher
IHU
en
heal.academicPublisherID
ihu
en_US


This item appears in the following Collection(s)

Show simple item record

Related Items