GDPR implementation in public administrationin Poland - 1.5 year after: An empirical analysis

• Authors: Lisiak-Felicka Dominika , Szmit Maciej
• Languages of publication: EN

Abstracts

EN

Aim/purpose–The paper contains descriptive exploratory research on the implementa-tion of General Data Protection Requirements (GDPR) in a group of Polish public ad-ministration offices. The purpose of this research is to investigate the current state of personal data protection in the entities surveyed.Design/methodology/approach–The diagnostic survey method using the Computer Assisted Web Interview was employed. The survey was conducted in local government administration offices a year and a half after the GDPRimplementation.Findings–All marshal offices and the majority of districts (about 80%) confirmed that they comply with all the GDPR requirements. The situation was slightly worse in munic-ipal offices –about 23% of them declared that they do not complywith all the GDPR requirements. In officials’ opinion this situation may be improved by conducting training for employees, employee engagement, and appropriate support of the office manage-ment. Another aspect that draws attention is a very small budget dedicated to the GDPR implementation and maintenance in most of the offices surveyed.Research implications/limitations–The limitation of the findings is the relatively low responsiveness of the questionnaire survey.Originality/value/contribution–The research concerns a relatively new subject. The state of personal data protection in public administration in Poland after 18 months of the GDPR implementation was analyzed. So far, there is no comprehensive research that has been conducted into this field in local government administration.

Keywords

EN

Data protection breaches; GDPR implementation; General Data Protection Regulation (GDPR); Personal data; Public administration

• Publisher: Uniwersytet Ekonomiczny w Katowicach
• Journal: Journal of Economics and Management
• Year: 2021
• Volume: 43
• Pages: 1-21

Contributors

author

Lisiak-Felicka Dominika

• Department of Computer Science in Economics. Faculty of Economics and Sociology. University of Lodz, Lodz, Poland

author

Szmit Maciej

• Department of Computer Science. Faculty of Management. University of Lodz, Lodz, Poland

References

• Almeida Teixeira, G., Mira da Silva, M., & Pereira, R. (2019). The critical success factors of GDPR implementation: A systematic literature review. Digital Policy, Regulation and Governance, 21(4), 402-418. https://doi.org/10.1108/DPRG-01-2019-0007
• Breitbarth, P. (2019). The impact of GDPR one year on. Network Security, 7, 11-13. https://doi.org/10.1016/S1353-4858(19)30084-4
• DLA Piper. (2020). GDPR Data Breach Survey 2020. Retrieved from https://www.dlapiper.com/en/global/insights/publications/2020/01/gdpr-data-breach-survey-2020/
• European Parliament. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repeal-ing Directive 95/46/EC (General Data Protection Regulation). Retrieved from https://eur-lex.europa.eu/eli/reg/2016/679/oj
• Fazzini, K. (2019). Europe’s sweeping privacy rule was supposed to change the internet, but so far it’s mostly created frustration for users, companies, and regulators. Retrieved from https://www.cnbc.com/2019/05/04/gdpr-has-frustrated-users-and-regulators.html
• Ferreira, A. (2020). GDPR: What’s in a year (and a half). In J. Filipe, M. Smialek, A. Brodsky, & S. Hammoudi (Eds.), Enterprise information systems, Proceedings of the 22nd International Conference, ICEIS 2019 (Vol. 2; pp. 209-216), Science and Technology Publications, Berlin: Springer. https://www.doi.org/10.5220/0009386002090216
• Forbes Technology Councils. (2018). 15 Unexpected Consequences of GDPR. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2018/08/15/15-unexpected-consequences-of-gdpr/#7affb2c994ad
• GDPR Enforcement Tracker. (2020). Fines database. Retrieved October 10, 2020 from https://www.enforcementtracker.com/
• Jatkiewicz, P. (2015). Zarządzanie bezpieczeństwem w jednostkach samorządowych [Security management in local government units]. In T. Szatkowski (Ed.), Bezpie-czeństwo danych w sektorze publicznym [Data security in the public sector]. Warsaw: PTI. Retrieved from https://ir.pti.org.pl/wp-content/uploads/2017/02/Biblioteczka -Izby-Rzeczoznawc%C3%B3w-PTI-Tom-4.pdf
• Krystlik, J. (2017). With GDPR, preparation is everything. Computer Fraud & Security, 6, 5-8. https://doi.org/10.1016/S1361-3723(17)30050-7
• Laybats, C., & Davies, J. (2018). GDPR: Implementing the regulations. Business Infor-mation Review, 35(2), 81-83. https://doi.org/10.1177%2F0266382118777808
• Lisiak-Felicka, D., Szmit, M., & Szmit, A. (2019). The assessment of GDPR readiness for local government administration in Poland. In Z. Wilimowska, L. Borzemski, & J. Świątek (Eds.), Information systems architecture and technology (Advances in Intelligent Systems and Computing, Vol. 854; pp. 417-426). Berlin: Springer. https://doi.org/10.1007/978-3-319-99993-7_37
• Lisiak-Felicka, D., Szmit, M., Szmit, A,. & Vaičiūnienė, J. (2020). GDPR implementa-tion in local government administration in Poland and Republic of Lithuania. In Z. Wilimowska, L. Borzemski, & J. Świątek (Eds.), Information systems architec-ture and technology (Advances in Intelligent Systems and Computing, Vol. 1052; pp. 49-60). Berlin: Springer. https://doi.org/10.1007/978-3-030-30443-0_5
• Sedlak & Sedlak. (2020). Ile zarabia specjalista ds. bezpieczeństwa informatycznego? Raport wynagrodzeń [How much does an IT security specialist earn? Salary re-port]. Retrieved October 10, 2020 from https://wynagrodzenia.pl/moja-placa/ile-zarabia-specjalista-ds-bezpieczenstwa-informatycznego
• Tamburri, D. (2020, July). Design principles for the General Data Protection Regulation (GDPR): A formal concept analysis and its evaluation. Information Systems, 91, Article 105454. https://doi.org/10.1016/j.is.2019.101469
• Tatara, U., Gokceb, Y., & Nussbaum, B. (2020). Law versus technology: Blockchain, GDPR, and tough tradeoffs. Computer Law & Security Review, 38, Article 105454. https://doi.org/10.1016/j.clsr.2020.105454
• UODO. (2019a). Decyzja Prezesa Urzędu Ochrony Danych Osobowych ZSPU. 421.2.2018 [Decision ZSPU.421.2.2018 of President of the Personal Data Protec-tion Office]. Retrieved from https://uodo.gov.pl/decyzje/ZSPU.421.2.2018
• UODO. (2019b). Decyzja Prezesa Urzędu Ochrony Danych Osobowych ZSPU. 421.3.2019 [Decision ZSPU.421.3.2019 of President of the Personal Data Protec-tion Office]. Retrieved from https://uodo.gov.pl/decyzje/ZSPU.421.3.2019
• UODO. (2019c). Decyzja Prezesa Urzędu Ochrony Danych Osobowych ZSPU. 421.8.2018 [Decision ZSPU.421.8.2018 of President of the Personal Data Protec-tion Office]. Retrieved from https://uodo.gov.pl/decyzje/ZSPU.421.8.2018
• Ustawa z dnia 10 maja 2018 r. o ochronie danych osobowych (Dz.U. 2018 poz. 1000) [Act of 10 May 2018 on Personal Data Protection (Journal of Laws of 2018, item 1000)]. Retrieved from https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU 20180001000
• Ustawa z dnia 8 marca 1990 r. o samorządzie gminnym (Dz.U. 1990 nr 16 poz. 95) [Act of 8 March 1990 on municipal government (Journal of Laws of 1990, No. 16, item 95)]. Retrieved from https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU1990016 0095
• Ustawa z dnia 5 czerwca 1998 r. o samorządzie powiatowym (Dz.U. 1998 nr 91 poz. 578) [Act of 5 June 1998 on district local government (Journal of Laws of 1998, No. 91, item 578)]. Retrieved from http://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id= WDU19980910578
• Ustawa z dnia 5 czerwca 1998 r. o samorządzie województwa (Dz.U. 1998 nr 91 poz. 576) [Act of 5 June 1998 on the voivodeship self-government (Journal of Laws of 1998, No. 91, item 576)]. Retrieved from https://isap.sejm.gov.pl/isap.nsf/DocDetails. xsp?id=WDU19980910576
• Ustawa z dnia 24 lipca 1998 r. o wprowadzeniu zasadniczego trójstopniowego podziału terytorialnego państwa (Dz.U. 1998 nr 96 poz. 603) [Act of 24 July 1998 on the in-troduction of a basic three-tiered territorial division of the country (Journal of Laws of 1998, No. 96, item 603)]. Retrieved from http://isap.sejm.gov.pl/isap.nsf/Doc Details.xsp?id=wdu19980960603
• Zerlang, J. (2017). GDPR: A milestone in convergence for cyber-security and compli-ance. Network Security, 6, 8-11. https://doi.org/10.1016/S1353-4858(17)30060-0
• ZFODO. (2020). Incydenty ochrony danych osobowych. Raport Związku Firm Ochrony Danych Osobowych [Personal data protection incidents. Report of the Association of Personal Data Protection Companies]. Retrieved from https://www.zfodo.org.pl /wp-content/uploads/2020/02/raport_zfodo_naruszenia-16.02.20.pdf

Identifiers

ISSN

1732-1948