Post-GDPR survey of data protection officers in research and non-research institutions in Croatia

Abstract: Introduction General Data Protection Regulation (GDPR) focuses on important elements of data ethics, including protecting people’s privacy, accountability and transparency. According to the GDPR, certain public institutions are obliged to appoint a Data Protection Officer (DPO). However, there is little publicly available data from national EU surveys on DPOs. This study aimed to examine the scope of work, type of work, and education of DPOs in institutions in Croatia. Materials and… Show more

“…Without clear appointment parameters, institutions were able to appoint anyone as DPO, just to fulfil a legal obligation. We found that the majority (92%) of surveyed DPOs in our study (Mladinić et al 2021) were already employed by their institutions when they were appointed as a DPO. Indeed, such an appointment strategy was the easiest solution for institutions.…”

“…Furthermore, our study (Mladinić et al 2021) showed that only around thirty percent of DPOs claimed to have an ethics committee in their institution where they worked. From those which indicated having an ethics committee in their institution, only a few DPOs received some official request or were contacted by their institutional ethics committee and the majority was not involved in that committee's work in any way.…”

“…To explore the relationship between DPOs and Ethics Boards and to explore the current position of DPOs in institutions across Croatia, together with AZOP we prepared a research study based on a cross-sectional online survey which was then completed by more than 700 DPOs across the Republic of Croatia (Mladinić et al 2021).…”

“…In our research (Mladinić et al 2021), only a small number of DPOs indicated a research or an educational institution as their employer. Even in that small sample, it was clear that they received just a few research-related questions which were in line with previously published data (Puljak et al 2020;Dinu 2018).…”

Data Protection in Croatia: An Indicator of Ethics Processes in Research Institutions

“…Without clear appointment parameters, institutions were able to appoint anyone as DPO, just to fulfil a legal obligation. We found that the majority (92%) of surveyed DPOs in our study (Mladinić et al 2021) were already employed by their institutions when they were appointed as a DPO. Indeed, such an appointment strategy was the easiest solution for institutions.…”

“…Furthermore, our study (Mladinić et al 2021) showed that only around thirty percent of DPOs claimed to have an ethics committee in their institution where they worked. From those which indicated having an ethics committee in their institution, only a few DPOs received some official request or were contacted by their institutional ethics committee and the majority was not involved in that committee's work in any way.…”

“…To explore the relationship between DPOs and Ethics Boards and to explore the current position of DPOs in institutions across Croatia, together with AZOP we prepared a research study based on a cross-sectional online survey which was then completed by more than 700 DPOs across the Republic of Croatia (Mladinić et al 2021).…”

“…In our research (Mladinić et al 2021), only a small number of DPOs indicated a research or an educational institution as their employer. Even in that small sample, it was clear that they received just a few research-related questions which were in line with previously published data (Puljak et al 2020;Dinu 2018).…”

Data Protection in Croatia: An Indicator of Ethics Processes in Research Institutions

“…Very few research studies can be found on the topic of data protection in the EU. Recently, we published a survey among data protection officers (DPOs), examining the scope of work, type of work, and education of DPOs in institutions in Croatia [ 3 ]. However, when searching for studies on DPAs, we were unable to find any research reports that analyzed how different DPAs handle issues and complaints regarding data protection and their workload before and after the introduction of GDPR.…”

Workload and procedures used by European data protection authorities related to personal data protection: a cross-sectional study

Challenges Complying with Privacy Law in Jamaica