GDPR implementation in public administration in Poland – 1.5 year after: An empirical analysis
| dc.contributor.author | Szmit, Maciej | |
| dc.contributor.author | Lisiak-Felicka, Dominika | |
| dc.date.accessioned | 2021-09-15T12:33:49Z | |
| dc.date.available | 2021-09-15T12:33:49Z | |
| dc.date.issued | 2021 | |
| dc.identifier.citation | Lisiak-Felicka, D., & Szmit, M. (2021). GDPR implementation in public administration in Poland – 1.5 year after: An empirical analysis. Journal of Economics & Management, 43, 1-21. | pl_PL |
| dc.identifier.issn | 1732-1948 | |
| dc.identifier.uri | http://hdl.handle.net/11089/39072 | |
| dc.description | JEL Classification: M15, H83, K24. | pl_PL |
| dc.description.abstract | Aim/purpose – The paper contains descriptive exploratory research on the implementation of General Data Protection Requirements (GDPR) in a group of Polish public administration offices. The purpose of this research is to investigate the current state of personal data protection in the entities surveyed. Design/methodology/approach – The diagnostic survey method using the Computer Assisted Web Interview was employed. The survey was conducted in local government administration offices a year and a half after the GDPR implementation. Findings – All marshal offices and the majority of districts (about 80%) confirmed that they comply with all the GDPR requirements. The situation was slightly worse in municipal offices – about 23% of them declared that they do not comply with all the GDPR requirements. In officials’ opinion this situation may be improved by conducting training for employees, employee engagement, and appropriate support of the office management. Another aspect that draws attention is a very small budget dedicated to the GDPR implementation and maintenance in most of the offices surveyed. Research implications/limitations – The limitation of the findings is the relatively low responsiveness of the questionnaire survey. Originality/value/contribution – The research concerns a relatively new subject. The state of personal data protection in public administration in Poland after 18 months of the GDPR implementation was analyzed. So far, there is no comprehensive research that has been conducted into this field in local government administration | pl_PL |
| dc.language.iso | en | pl_PL |
| dc.publisher | University of Economics in Katowice | pl_PL |
| dc.relation.ispartofseries | Journal of Economics and Management;43 | |
| dc.rights | Uznanie autorstwa-Użycie niekomercyjne 4.0 Międzynarodowe | * |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc/4.0/ | * |
| dc.subject | General Data Protection Regulation (GDPR) | pl_PL |
| dc.subject | public administration | pl_PL |
| dc.subject | personal data | pl_PL |
| dc.subject | data protection breaches | pl_PL |
| dc.subject | GDPR implementation | pl_PL |
| dc.title | GDPR implementation in public administration in Poland – 1.5 year after: An empirical analysis | pl_PL |
| dc.type | Article | pl_PL |
| dc.page.number | 1-21 | pl_PL |
| dc.contributor.authorAffiliation | Department of Computer Science Faculty of Management University of Lodz, Lodz, Poland | pl_PL |
| dc.contributor.authorAffiliation | Department of Computer Science in Economics Faculty of Economics and Sociology University of Lodz, Lodz, Poland | pl_PL |
| dc.identifier.eissn | 2719-9975 | |
| dc.references | Almeida Teixeira, G., Mira da Silva, M., & Pereira, R. (2019). The critical success factors of GDPR implementation: A systematic literature review. Digital Policy, Regulation and Governance, 21(4), 402-418. https://doi.org/10.1108/DPRG-01-2019-0007 | pl_PL |
| dc.references | Breitbarth, P. (2019). The impact of GDPR one year on. Network Security, 7, 11-13. https://doi.org/10.1016/S1353-4858(19)30084-4 | pl_PL |
| dc.references | DLA Piper. (2020). GDPR Data Breach Survey 2020. Retrieved from https://www.dlapiper. com/en/global/insights/publications/2020/01/gdpr-data-breach-survey-2020/ | pl_PL |
| dc.references | European Parliament. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Retrieved from https://eur-lex.europa.eu/eli/reg/2016/679/oj | pl_PL |
| dc.references | Fazzini, K. (2019). Europe’s sweeping privacy rule was supposed to change the internet, but so far it’s mostly created frustration for users, companies, and regulators. Retrieved from https://www.cnbc.com/2019/05/04/gdpr-has-frustrated-users-andregulators.html | pl_PL |
| dc.references | Ferreira, A. (2020). GDPR: What’s in a year (and a half). In J. Filipe, M. Smialek, A. Brodsky, & S. Hammoudi (Eds.), Enterprise information systems, Proceedings of the 22nd International Conference, ICEIS 2019 (Vol. 2; pp. 209-216), Science and Technology Publications, Berlin: Springer. https://www.doi.org/10.5220/0009 386002090216 | pl_PL |
| dc.references | Forbes Technology Councils. (2018). 15 Unexpected Consequences of GDPR. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2018/08/15/15-unexpectedconsequences-of-gdpr/#7affb2c994ad | pl_PL |
| dc.references | GDPR Enforcement Tracker. (2020). Fines database. Retrieved October 10, 2020 from https://www.enforcementtracker.com/ | pl_PL |
| dc.references | Jatkiewicz, P. (2015). Zarządzanie bezpieczeństwem w jednostkach samorządowych [Security management in local government units]. In T. Szatkowski (Ed.), Bezpieczeństwo danych w sektorze publicznym [Data security in the public sector]. Warsaw: PTI. Retrieved from https://ir.pti.org.pl/wp-content/uploads/2017/02/Biblioteczka -Izby-Rzeczoznawc%C3%B3w-PTI-Tom-4.pdf | pl_PL |
| dc.references | Krystlik, J. (2017). With GDPR, preparation is everything. Computer Fraud & Security, 6, 5-8. https://doi.org/10.1016/S1361-3723(17)30050-7 | pl_PL |
| dc.references | Laybats, C., & Davies, J. (2018). GDPR: Implementing the regulations. Business Information Review, 35(2), 81-83. https://doi.org/10.1177%2F0266382118777808 | pl_PL |
| dc.references | Lisiak-Felicka, D., Szmit, M., & Szmit, A. (2019). The assessment of GDPR readiness for local government administration in Poland. In Z. Wilimowska, L. Borzemski, & J. Świątek (Eds.), Information systems architecture and technology (Advances in Intelligent Systems and Computing, Vol. 854; pp. 417-426). Berlin: Springer. https://doi.org/10.1007/978-3-319-99993-7_37 | pl_PL |
| dc.references | Lisiak-Felicka, D., Szmit, M., Szmit, A,. & Vaičiūnienė, J. (2020). GDPR implementation in local government administration in Poland and Republic of Lithuania. In Z. Wilimowska, L. Borzemski, & J. Świątek (Eds.), Information systems architecture and technology (Advances in Intelligent Systems and Computing, Vol. 1052; pp. 49-60). Berlin: Springer. https://doi.org/10.1007/978-3-030-30443-0_5 | pl_PL |
| dc.references | Sedlak & Sedlak. (2020). Ile zarabia specjalista ds. bezpieczeństwa informatycznego? Raport wynagrodzeń [How much does an IT security specialist earn? Salary report]. Retrieved October 10, 2020 from https://wynagrodzenia.pl/moja-placa/ilezarabia-specjalista-ds-bezpieczenstwa-informatycznego | pl_PL |
| dc.references | Tamburri, D. (2020, July). Design principles for the General Data Protection Regulation (GDPR): A formal concept analysis and its evaluation. Information Systems, 91, Article 105454. https://doi.org/10.1016/j.is.2019.101469 | pl_PL |
| dc.references | Tatara, U., Gokceb, Y., & Nussbaum, B. (2020). Law versus technology: Blockchain, GDPR, and tough tradeoffs. Computer Law & Security Review, 38, Article 105454. https://doi.org/10.1016/j.clsr.2020.105454 | pl_PL |
| dc.references | UODO. (2019a). Decyzja Prezesa Urzędu Ochrony Danych Osobowych ZSPU. 421.2.2018 [Decision ZSPU.421.2.2018 of President of the Personal Data Protection Office]. Retrieved from https://uodo.gov.pl/decyzje/ZSPU.421.2.2018 | pl_PL |
| dc.references | UODO. (2019b). Decyzja Prezesa Urzędu Ochrony Danych Osobowych ZSPU. 421.3.2019 [Decision ZSPU.421.3.2019 of President of the Personal Data Protection Office]. Retrieved from https://uodo.gov.pl/decyzje/ZSPU.421.3.2019 | pl_PL |
| dc.references | UODO. (2019c). Decyzja Prezesa Urzędu Ochrony Danych Osobowych ZSPU. 421.8.2018 [Decision ZSPU.421.8.2018 of President of the Personal Data Protection Office]. Retrieved from https://uodo.gov.pl/decyzje/ZSPU.421.8.2018 | pl_PL |
| dc.references | Ustawa z dnia 10 maja 2018 r. o ochronie danych osobowych (Dz.U. 2018 poz. 1000) [Act of 10 May 2018 on Personal Data Protection (Journal of Laws of 2018, item 1000)]. Retrieved from https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU 20180001000 | pl_PL |
| dc.references | Ustawa z dnia 8 marca 1990 r. o samorządzie gminnym (Dz.U. 1990 nr 16 poz. 95) [Act of 8 March 1990 on municipal government (Journal of Laws of 1990, No. 16, item 95)]. Retrieved from https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU1990016 0095 | pl_PL |
| dc.references | Ustawa z dnia 5 czerwca 1998 r. o samorządzie powiatowym (Dz.U. 1998 nr 91 poz. 578) [Act of 5 June 1998 on district local government (Journal of Laws of 1998, No. 91, item 578)]. Retrieved from http://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id= WDU19980910578 | pl_PL |
| dc.references | Ustawa z dnia 5 czerwca 1998 r. o samorządzie województwa (Dz.U. 1998 nr 91 poz. 576) [Act of 5 June 1998 on the voivodeship self-government (Journal of Laws of 1998, No. 91, item 576)]. Retrieved from https://isap.sejm.gov.pl/isap.nsf/DocDetails. xsp?id=WDU19980910576 | pl_PL |
| dc.references | Ustawa z dnia 24 lipca 1998 r. o wprowadzeniu zasadniczego trójstopniowego podziału terytorialnego państwa (Dz.U. 1998 nr 96 poz. 603) [Act of 24 July 1998 on the introduction of a basic three-tiered territorial division of the country (Journal of Laws of 1998, No. 96, item 603)]. Retrieved from http://isap.sejm.gov.pl/isap.nsf/Doc Details.xsp?id=wdu19980960603 | pl_PL |
| dc.references | Zerlang, J. (2017). GDPR: A milestone in convergence for cyber-security and compliance. Network Security, 6, 8-11. https://doi.org/10.1016/S1353-4858(17)30060-0 | pl_PL |
| dc.references | ZFODO. (2020). Incydenty ochrony danych osobowych. Raport Związku Firm Ochrony Danych Osobowych [Personal data protection incidents. Report of the Association of Personal Data Protection Companies]. Retrieved from https://www.zfodo.org.pl /wp-content/uploads/2020/02/raport_zfodo_naruszenia-16.02.20.pdf | pl_PL |
| dc.contributor.authorEmail | maciej.szmit@uni.lodz.pl | pl_PL |
| dc.contributor.authorEmail | dominika.lisiak@uni.lodz.pl | pl_PL |
| dc.identifier.doi | 10.22367/jem.2021.43.01 | |
| dc.discipline | nauki o zarządzaniu i jakości | pl_PL |
Pliki tej pozycji
Pozycja umieszczona jest w następujących kolekcjach
Poza zaznaczonymi wyjątkami, licencja tej pozycji opisana jest jako Uznanie autorstwa-Użycie niekomercyjne 4.0 Międzynarodowe