Competences, Position and Role of Data Protection Officers in Ensuring Library Data Protection Compliance

Thumbnail Image

Files

s05-2019-katulic-en.pdf (223.33 KB)

Date

2017

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

The General Data Protection Regulation that recently entered into force in the European Union represents a significant milestone in development of efficient personal data protection in Europe. As a substantial upgrade to current legal framework it now explicitely provides the rights and freedoms of data subjects and responsibilities of data controllers and data processors. The Regulation is directly applied in legal systems of Member States and contains provisions designed to ensure data controllers, such as libraries, process personal data in line with the recognized principles of data protection. Libraries acquire personal data of users, authors and other physical persons (data subjects) through different means. Recognizing the need for specialized oversight and guidance on implementing Regulation mechanisms to ensure safe and secure personal data processing, the new law extensively regulate the position, role and competence of data protection officer whose main tasks include providing compliance advice for data controllers, handling of user requests and contact with the competent national data protection authority. As most libraries fall under the category of public bodies or authorites, the law mandates designation of such individual. Even when this is not the case and other Regulation conditions do not apply, it may be prudent to designate a data protection officer out of concern for data subject rights and freedoms and to coordinate efforts to achieve the highest level of compliance. The purpose of this presentation is to point out difficulties in achieving compliance for libraries in the public sector, identify the issues where having a data protection officer might be useful, help libraries establish a DPO position and choose a person of adequate competence.

Description

Keywords

Citation

Article 29 Working Party Guidelines on Data Protection Officers, 16/EN W243 from 13th of December, 2016. [2019-06-21] Available at: 2https://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_en_40855.pdf Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281 , 23/11/1995 P. 0031 - 0050 IFLA Code of ethics [2019-06-18] Available at: https://www.ifla.org/publications/node/11092 IFLA Statement on Privacy in the Library Environment [2019-06-18] Available at: https://www.ifla.org/files/assets/hq/news/documents/ifla-statement-on-privacy-in-the-library-environment.pdf Katulić, A. Normativna baza imena u kontekstu Opće Uredbe o zaštiti podataka. // Vjesnik bibliotekara Hrvatske 61, 1(2018) , 573-592. doi:10.30754/vbh.61.1.599 Katulić, A.; Katulić, T. GDPR and the Reuse of Personal Data in Scientific Research // MIPRO 2018 : 41st International Convention Proceedings, 1514-1519 Papaioannou, G.; I. Sarakinos. The General Data Protection Regulation (GDPR, 2016/679/EE) and the (Big) Personal Data in Cultural Institutions: Thoughts on the GDPR Compliance Process // Maturity and Innovation in Digital Libraries, 20th International Conference on Asia-Pacific Digital Libraries, ICADL 2018, Hamilton, New Zealand, November 19-22, 2018, Proceedings / ed. by Milena Dobreva, Annika Hinze, Maja Žumer. Heidelberg: Springer International Publishing, 2018. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) OJ L 119, 4.5.2016, p. 1–88 [2019-06-13] Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=HR Zakon o zaštiti osobnih podataka // pročišćeni tekst, Narodne Novine 103/03, 118/06, 41/08, 130/11, 106/12 Available at: https://www.zakon.hr/z/220/Zakon-o-za%C5%A1titi-osobnih-podataka Law on Application of the General Data Protection Regulation, OG of the Republic of Croatia no. 42/2018. / Zakon o provedbi Opće uredbe o zaštiti podataka. // Narodne novine 42, 805(2018). [2019-06-13]. Available at: https://narodne-novine.nn.hr/clanci/sluzbeni/2018_05_42_805.html White, B. Briefing: Impact of the General Data Protection Regulation 2018. [2019-06-13]. Available at: https://www.ifla.org/files/assets/clm/publications/briefing_general_data_protection_regulation_2018.pdf Rydén J. Memo/Case study – data protection reform [2019-06-13] Available at: http://www.eblida.org/Experts%20Groups%20papers/EGIL-papers/EGIL_Data_Protection_Regulation_Memo_CaseStudy_2016.pdf

URI

https://repository.ifla.org/handle/20.500.14598/6648

Collections

World Library and Information Congress (WLIC) Papers and Presentations