Suchergebnisse

JEL Classification: M15, H83, K24. ; Aim/purpose – The paper contains descriptive exploratory research on the implementation of General Data Protection Requirements (GDPR) in a group of Polish public administration offices. The purpose of this research is to investigate the current state of personal data protection in the entities surveyed. Design/methodology/approach – The diagnostic survey method using the Computer Assisted Web Interview was employed. The survey was conducted in local government administration offices a year and a half after the GDPR implementation. Findings – All marshal offices and the majority of districts (about 80%) confirmed that they comply with all the GDPR requirements. The situation was slightly worse in municipal offices – about 23% of them declared that they do not comply with all the GDPR requirements. In officials' opinion this situation may be improved by conducting training for employees, employee engagement, and appropriate support of the office management. Another aspect that draws attention is a very small budget dedicated to the GDPR implementation and maintenance in most of the offices surveyed. Research implications/limitations – The limitation of the findings is the relatively low responsiveness of the questionnaire survey. Originality/value/contribution – The research concerns a relatively new subject. The state of personal data protection in public administration in Poland after 18 months of the GDPR implementation was analyzed. So far, there is no comprehensive research that has been conducted into this field in local government administration

PURPOSE: The aim of the article is to compare the current state of personal data protection almost 3 years after the General Data Protection Regulation (GDPR) in groups of local government administration offices in Poland and the Republic of Lithuania. ; DESIGN/METHODOLOGY/APPROACH: The diagnostic survey method with the Computer Assisted Web Interview was used. The survey was conducted in local government administration offices in Poland and the Republic of Lithuania almost 3 years after the GDPR implementation. ; FINDINGS: As the results of the research, the opinions about the office compliance with the GDPR requirements, personal data breaches, requests from data subjects, external audits and inspections, the GDPR impact on the office, the maturity of processing data and problems in ensuring compliance with the GDPR data processing from local government offices in Poland and Republic of Lithuania were obtained. ; PRACTICAL IMPLICATIONS: The results constitute a knowledge base on the personal data protection situation in surveyed countries and can be a form of the basis for further, more indepth analysis and research. ; ORIGINALITY/VALUE: The article presents our original research. So far, to the best of our knowledge, no comprehensive research has been conducted into this field and compared the current situation in the surveyed countries. ; peer-reviewed

All healthcare organizations process "sensitive data" that needs special protection. To ensure an appropriate level of security for this data, it is necessary to allocate adequate financial resources for security measures. The exploratory aim of the research here is the recognition of the current state of information security management systems in selected entities performing medical activities. An analysis and evaluation of these systems and the financing of information security were conducted. The methods and techniques used in the research are Computer Assisted Telephone Interviews, literature studies, and a questionnaire survey with applications for access to public information. The subjects of the research were medical entities subordinate to the local governments of three Polish voivodeships (Łódź, Świętokrzyskie and Pomeranian). The research was conducted between 2017 and 2018. Research findings show that the surveyed entities did not properly manage information security and did not allocate adequate financial resources to ensure information security. The lack of efficient information security management in medical entities may entail negative consequences in the future. ; Wszystkie organizacje opieki zdrowotnej przetwarzają "dane wrażliwe", które wymagają specjalnej ochrony. W celu zapewnienia właściwego poziomu bezpieczeństwa tych danych, konieczne jest przeznaczenie odpowiednich środków finansowych. Celem poznawczym badań jest rozpoznanie istniejącego stanu systemów zarządzania bezpieczeństwem informacji w wybranych podmiotach wykonujących działalność leczniczą. Przeprowadzono analizę i ocenę tych systemów oraz finansowania bezpieczeństwa informacji. W badaniach wykorzystano następujące metody i techniki: wspomagany komputerowo wywiad telefoniczny, studia literaturowe i ankietę z wnioskiem o udostępnienie informacji publicznej. Przedmiotem badań były podmioty medyczne podległe samorządom trzech polskich województw (łódzkie, świętokrzyskie, pomorskie). Badanie było prowadzone w latach 2017-2018. Wyniki badania pokazują, że badane podmioty nieprawidłowo zarządzały bezpieczeństwem informacji i nie przeznaczały odpowiednich środków finansowych na zapewnienie bezpieczeństwa informacji. Brak efektywnego zarządzania bezpieczeństwem informacji w podmiotach medycznych może mieć wpływ na wystąpienie incydentów w przyszłości.