1 / 51


Good practices of the Bulgarian Data Protection Authority Prof. Veselin Tselkov , DSc – member of the Board Ms Desislava Borisova - chief legal adviser. Agenda. Introduction Good practices Conclusions. Introduction.

Télécharger la présentation


An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. Good practices of the Bulgarian Data Protection AuthorityProf. VeselinTselkov, DSc – member of the BoardMs DesislavaBorisova - chief legal adviser

  2. Agenda • Introduction • Good practices • Conclusions

  3. Introduction „The sovereignty of the society, the region, the nation, the state has their only sense if their real sovereignty is based on the only real sovereignty - the sovereignty of the human being.” Vaclav Havel

  4. The experience of the CPDP • Complaints • Inspections • Data controllers • Consultations

  5. Strategic principles and priorities during the years • The raising of the awareness of the society • Training of the data controllers • Improving of the system for ensuring data protection • Strengthening of the administrative capacity of the Commission for personal data protection

  6. Good practices • The raising of the awareness of the society • The training for the data controllers • The methodology for inspections activity • Ordinance № 1 dated 30 January 2013 on the minimum level of technical and organizational measures and the admissible type of personal data protection • The new information technologies in the work of the CPDP

  7. The raising of the awareness of the society Continuous process of the raising of the awareness

  8. Main problems • Lack of knowledge for the personal data protection problems • Lack of assessment of the importance of the problem and the threats • Lack of knowledge of the legislative framework • Lack of knowledge of the consequences of the violation of the rights

  9. Targets for exerting an influence • Society • State authorities and local authorities • Private companies

  10. The media • Use of media • Electronic media • Other media

  11. The media Not only is important for the media to be considered as a corrective, but they also must be seen as a tool for influencing the society and as a key tool of influencing the society and contributing to the right functioning of the data protection system.

  12. The media • Internet • Website of the CPDP • Social networks • Materials and banners in the most popular websites • Links between the website of the CPDP and other institutions: • State authorities • Industrial sector • Non-governmental organizations

  13. Website of the CPDP

  14. Website of the CPDP

  15. 10 years Commission for Personal Data Protection

  16. The media • Internet • Website of the CPDP • Social networks • Materials and banners in the most popular websites • Links between the website of the CPDP and other institutions: • State authorities • Industrial sector • Non-governmental organizations

  17. The media • Information bulletin • Contemporary trends • Legislative amendments • CPDP’s practices

  18. The media The informational brochures can be generally oriented or oriented to stakeholders

  19. The media • Informational brochures • 10 years of the CPDP • Your identity card • Video surveillance • Internet and children • Advices for parents • Your Schengen Information System’s rights

  20. Your identity card

  21. Your identity card

  22. Video surveillance

  23. Video surveillance

  24. Internet and children

  25. Internet and children

  26. Advices for parents

  27. Advices for parents

  28. The media • Special postmark issued on the European Day for personal data protection – 28th January

  29. Special postmark issued on the European Day for personal data protection – 28th January

  30. The other initiatives • Examples • National children competition on pictures for Internet as a point of view • Joint and/or external meetings • Doors open days • Public lectures with the academic society

  31. National children competition on pictures for Internet’s point of view – Katya 4

  32. National children competition on pictures for Internet’s point of view – Mikaela 10

  33. National children competition on pictures for Internet’s point of view – Elica 14

  34. The other initiatives • Joint and/or external meetings • Formal meetings, plenary, workshops • With district governors, mayors, etc. • Thematic meetings with different authorities – Communications Regulation Commission, Commission for consumer protection • Open meetings

  35. The other initiatives • Joint and/or external meetings • Press conferences with journalists • Doors open days for citizens and data controllers • Training • Law enforcements issues on the application of the Law for electronic communications ( discussions with stakeholders in different places – prosecutors, judges, etc.)

  36. The other initiatives • Promotional information campaign with specific logo: „2012 - 10 years Commission for personal data protection – 28th January European data protection day” - leaflets, notebooks, badges, placards, cups pens, calendars, as well as flash memories with information about the data protection • Magnetic cartridge • Contents

  37. Is the protection of personal data important ?

  38. Training. Scope of the training • State authorities and local authorities • Business organizations • Targeted groups • Stakeholders • Personnel (staff)

  39. Training. Common subjects • Topical issues of the data protection issues • Legal framework of the personal data protection in the Republic of Bulgaria • Legal proceedings and supervision • Data controllers

  40. Training. Specialized training • Education • Banking • Service sector • Hotels • Health sector • Schengen Information System

  41. ORDINANCE № 1 dated 30 January 2013 On the minimum level of technical and organizational measures and the admissible type of personal data protection

  42. ORDINANCE № 1 dated 30 January 2013 • General provisions • Confidentiality , integrity and availability • Implementing the need-to-know principle • Types of protection • Impact assessments • Levels of impact • Obligations of the controller

  43. Methodology for Inspection Activity • Methodology of how to carry out an inspection • On-going inspections based on a monthly plan of the CPDP • Purpose • Scope • Cases http://www.cpdp.bg/?p=news_view&aid=478

  44. Plan for Inspections

  45. Implementing New Information Technologies in the Work of CPDP • Call centre • Internet website • Information bulletin • Maintaining the Register of personal data controllers and the personal data registers kept by them • Automated document management system • Automated paperless system for open meetings

  46. Concusion “We want to open new growth opportunities that Europe needs, and at the same time, we want to make data protection an effective right for everybody. We will deliver effective, practicable and future proof data protection rules that enable growth.” Viviane Reding

  47. Agenda • Introduction • Good practices • Conclusions

  48. Good practices of the Bulgarian Data Protection AuthorityProf. VeselinTselkov, DSc – member of the BoardMs DesislavaBorisova - chief legal adviser

  49. Questions ?prof. VeselinTselkov, DSc – member of the BoardDesislavaBorisova - chief legal adviser

More Related