Actions to ensure personal data protection in a business enterprise

ENThe General Data Protection Regulation is related to fundamental changes in business enterprises as they need to radically rethink how to process customers’ personal data. The following principles of personal data protection have been established: the principle of lawfulness, fairness and transparency; purpose limitation in data handling; the data minimisation principle; the principle of periodicity; the principle of storage limitation; the principle of integrity and confidentiality; and the principle of responsibility. The study revealed problem areas in the implementation of the personal data protection policy in the business enterprise: ensuring management of access to personal data; informing individuals about the nature of the use of their personal data; and development of a description of the procedure for rules on a new consent to the use of personal data. Hiring external experts and leader support in implementing the personal data policy in the organization are to be assessed as the enterprise’s weaknesses. Keywords: General Data Protection Regulation, personal data protection, business enterprise, implementation, problem areas. [From the publication]