Title Information security management model for compliance with European data protection legislation
Title (english) Information security management model in compliance with European data protection rules
Author Natalija Parlov
Mentor Robert Kopal (mentor) MBZ: 338272
Committee member Ivo Andrijanić (committee chair) MBZ: 117570
Committee member Đuro Tunjić (committee member) MBZ: 363641
Committee member Tihomir Katulić (committee member) MBZ: 288026
Granter University of Zadar Zadar
Defense date and country 2021-06-07, Croatia
Scientific / art field, discipline and subdiscipline Social sciences; interdisciplinary social sciences
Universal decimal classification (UDC) 004 - Computer science and technology. Computing. Data processing
Abstract Owing to e-commerce and e-government, the European Digital Single Market (DSM) is one of the most important drivers of the European economy. Because of significant changes brought about by new ways of doing business in the circumstances of the digital economy, a regulatory framework has been adopted that does not depend on state borders and is aimed at protecting privacy and information security. European regulation on personal data protection does not offer organizations a process-level, applicable way of achieving compliance, which is evident in the difficulty organizations have in understanding the necessary adjustments to the organizational as well as the technical aspects of their business. In addition to legal consequences, non-compliance also leads to significant consequences in the form of hampered or entirely impossible further exports to the European market. The objectives of the dissertation have been met: primary research established an interrelation between (1) the understanding of the requirements prescribed by the General Data Protection Regulation (Regulation (EU) 2016/679) and (2) the lack of guidelines for harmonizing business processes with the Regulation, and also established an orientation towards placement on the European market. The results obtained showed that the majority of respondents understood the obligations prescribed by the Regulation, but more than 40% of them needed additional expert clarification, while almost ten percent did not understand the new obligations at all. No correlation was established between the size of the organization, the complexity of personal data processing and the perceived difficulty of compliance with the Regulation, but the indicators relating to exports to the European market are telling: almost two thirds of respondents earn part of their revenue from exports to the EU market. Among organizations in which the compliance process is still under way and those that are only planning to start it, as many as one third expect the share of revenue from business with European Union countries to increase, even though they have not yet met the necessary condition of compliance with the Regulation.
It was also shown that organizations that use ISO systems in their business perceive compliance with the Regulation as less difficult, and an analysis of official EU documents on norms and standardization in the conditions of digital transformation identified the preferred ISO standards for the protection of systems and data. Based on their methodology, a model was developed that represents an applicable general framework for the structured establishment, harmonization and compliance auditing of organizational and technical measures against the Regulation and the national implementing act, as well as the ISO/IEC 27001 and ISO/IEC 27701 management systems.
Abstract (english) Owing to e-commerce and e-government, the European Digital Single Market (DSM) is one of the most important drivers of the European economy. Due to significant changes attributable to new ways of doing business in the conditions of the digital economy, a regulatory framework has been adopted that does not depend on state borders and is aimed at protecting information security and privacy. European regulations concerning personal data protection do not offer organizations a process-level, applicable way of harmonizing with the requirements related to organizational and technical measures. Non-compliance with the regulations leads not only to legal but also to other significant consequences, such as hampered or entirely impossible further exports to the European market. The objectives of the dissertation have been achieved: the primary research established an interrelation between (1) the understanding of the requirements prescribed by the General Data Protection Regulation (EU Regulation 2016/679), (2) the nonexistence of guidelines for harmonizing business processes with the Regulation and (3) the orientation towards the European market. The obtained results indicated that the majority of respondents understood the obligations set out by the Regulation, but more than 40% of respondents required additional expert clarification, while almost 10% of them did not understand the new obligations. Moreover, it was revealed that organizations that apply ISO systems in their business perceive harmonizing with the Regulation as less difficult, and those that use ISO/IEC 27001 to a larger extent consider it helpful in meeting the requirements specified by the Regulation.
No correlation has been established between the size of the organization, the complexity of personal data processing and the perceived difficulty of harmonizing with the Regulation, but the indicators are significant where almost two thirds of respondents are earning some revenue from exports to the EU market. At the same time, almost one third of respondents believe that their organizations will increase the share of operating revenue from EU countries in the current year, although they have not yet harmonized their business with the Regulation to the fullest extent. Since organizations that apply ISO systems perceive harmonization as less difficult, the official EU documents regarding standardisation and harmonisation in the conditions of digital transformation were analyzed, and the preferred ISO standards of information security and privacy for the purpose of system and data protection were identified. Based on their methodology, a model has been developed that represents an applicable general framework for the structured establishment, harmonization and compliance audit of organizational and technical measures against the Regulation and the national Act on the implementation of the Regulation and/or the controls of the ISO/IEC 27001 and ISO/IEC 27701 management systems.
Keywords
digital economy
information security and privacy
data protection
European legal regulation
European Digital Single Market
ISO/IEC 27001
ISO/IEC 27701
Keywords (english)
digital economy
information security and privacy
data protection
European legislation
Digital Single Market
ISO/IEC 27001
ISO/IEC 27701
Language Croatian
URN:NBN urn:nbn:hr:162:924392
Promotion 2021
Study programme Title: Joint postgraduate doctoral study International Relations Study programme type: university Study level: postgraduate Academic / professional title: Doctor of Science in the area of social sciences, field of interdisciplinary social sciences (doktor/doktorica znanosti iz područja društvenih znanosti, polje interdisciplinarne društvene znanosti)
Type of resource Text
File origin Born digital
Access conditions Open access
Terms of use
Created on 2021-09-07 10:40:26