Compliance Management of GDPR in Healthcare Environment (University Medical Centre Ljubljana Case)
Marko Zebec Koren
Additional contact information
Marko Zebec Koren: University Medical Centre Ljubljana
from University of Primorska Press
The article presents the starting points and activities of the University Medical Centre Ljubljana before and after European parliament adopted EU Regulation on Personal Data Protection in May 2016. UMC Ljubljana has designed/developed a four-dimensions scheme to help ensure compliance. Thus, we are dealing with the normative level, the procedural level, the technological level and the cultural level. Many of us are involved in the process of dealing with personal data. Many of us are involved in the process of dealing with our personal data, donating personal data, and sometimes selling it to corporations and institutions, at the same time. However, we can be the ones who in our professional environments encounter the personal data of other individuals and look at them, collect them, delete them, in short, process them. The EU regulation on personal data protection (with the "infamous" abbreviation GDPR) brings before us, on the one hand, a fundamental consideration of the nature and role of personal data and, on the other hand, a wealth of challenges, dilemmas, concerns and activities related to this area. The starting point in understanding the protection of personal data is "I am the owner of my personal data". To process personal data, each organization must have a legal basis. The collection and processing must be compliance with legal obligation, personal consent, contractual relationship, legitimate or public interest and protection of the vital interests of the individual. The collection and processing of personal data must be as small as possible and proportionate in regard to the purpose of the collection of the data. The data controller or processor of personal data must protect my data well enough. Thus, we can establish a framework here that gives us a tool in assessing and establishing the field of personal data protection.
Keywords: GDPR; compliance; personal data; data controller; data processor; 4-dimensions GDPR scheme (search for similar items in EconPapers)
References: Add references at CitEc
Citations: Track citations by RSS feed
Downloads: (external link)
http://www.hippocampus.si/ISBN/978-961-293-077-6/158.pdf full text (application/pdf)
This item may be available elsewhere in EconPapers: Search for items with the same title.
Export reference: BibTeX
RIS (EndNote, ProCite, RefMan)
Persistent link: https://EconPapers.repec.org/RePEc:prp:micp20:277-282
Access Statistics for this chapter
More chapters in MIC 2020: The 20th Management International Conference from University of Primorska Press
Bibliographic data for series maintained by Alen Jezovnik ().