Download the survey(.pdf)
1. Sector
Participants in the survey by their related sector.
2. Which law is your data collecting based on ?
The laws on whose basis these sectors operate.
3. In what form (records, registry, database) ?
The forms in which the personal data is kept in these sectors.
4. Is the goal for which your collect data clear ?
Does the law contain clear wording of the goal of data collection.
5. Does the amount of personal data collected corresponds to the goal of their collection ?
Expert’s opinion on whether the scope of data is justified.
6. Who is the primary gatherer of the data ? (company, institution)
Do these sectors have the basic capabilities and legal responsibilities to gather personal data.
7. Does any other subject have the right to access this data, i.e., do you supply the data to be used or processed by another institution, company ?
Half of the experts reported that the personal data is being transferred, but according to the law.
8. Is subject’s constent envisaged for some category of personal data for their proccesing ?
The majority of the sectors require the subject’s consent, though, only for certain categories of personal data.
9. Which one ?
For what purpose, and for which categories of personal data, the subject’s consent is most often required.
10. Does the law on whose basis you operate envisages clear and specific keeping periods of personal data ?
Is the wording in the law clear on this matter.
11. How many years/months ?
How long is the keeping time for personal data.
12. Is there a provision for protection of personal data that clearly points to implementation of technical and organizational measures?
Half of the sectors have yet to implement technical and organizational measures for protection of personal data.
13. Have you adopted internal regulations for technical and organizational measures for secrecy and protection of personal data ?
Almost all of the sectors have adopted internal regulations, often in collaboration with the DPPD.
14. Is the data processing envisaged in this law, or it should be linked and applied with another law(s) ?
Does the wording in the law clearly state the processing of personal data.
15. Are there exceptions for processing of sensitive personal data ? (PIN, biometrical data, video surveillance)?
Are there any categories of personal data that are not being processed.
16. Which one?
Only some sectors are familiar with the exceptions.
17. Has the DPPD issued an opinion in relation to your law, and has that opinion been taken into account ?
Half of the experts did not have any information about the opinions issued by the DPPD.