Selected Issues of Personal Data Management at Polish Universities and Implications Resulting from GDPR’S Introduction
Nowadays, the development of ICT has made it possible to access easily the abundant amounts of data that is made available on the Internet. However, this comes at a price, which is the necessity to protect the data, especially personal data, and information processed in the computerised systems of organisations. A low level of measures aimed at ensuring the security of personal data processed on an ever-increasing scale by global organisations and a growing number of incidents of personal data breaches prompted the European Union to introduce in its territory a new regulation that imposes stricter rules in the area of information and personal data protection. The new EU’s legislation that became effective on 25th May 2018 is General Data Protection Regulation, commonly called GDPR. Yet, despite the two-year transition period preceding the GDPR’s coming into force organisations that were primarily affected by its introduction presented various levels in terms of adjustments to the new legislation. The paper presents the selected issues of personal data management at a selected group of Polish universities on the verge of GDPR’s introduction. Based on the results of the conducted survey the authors present in it the assessment of the state of personal data security at the selected Polish universities shortly prior the regulations coming into force as well as the opinions of the survey participants on the GDPR’s impact on personal data management at universities. Additionally, the paper includes also the conclusions on the changes that have appeared in the area of personal data management at universities following the introduction of the GDPR.
Keywords - GDPR, Information Management, Information Security, Personal Data