Training on Personal Data Protection (HR0042)

Which public issue does the measure address? From the beginning of the application of the General Data Protection Regulation (25 May 2018), Personal Data Protection Agency has received a large number of inquiries from citizens, controllers and processors from the public sector regarding the application of the provisions of the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation (OG 42/18). In addition to continuous education over the past 3 years, there is still a number of inquiries that indicate the need for conducting further education on the application of the above-mentioned regulations. Furthermore, the need for additional elaboration of certain parts of the General Data Protection Regulation, such as the tasks of Data Protection Officers, the delineation of the roles of controllers and processors, processing of special categories of data, etc. has been noted. It is necessary to invest additional efforts in education and raising the level of knowledge and awareness of rights and obligations which stem from the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation.

What does the measure include? The measure includes conducting trainings whose aim is raising the level of knowledge and competences of participants within the framework of rights and obligations which stem from the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation. Through these trainings and in accordance with epidemiological measures, trainings of participants will be conducted on the part of the obligations arising for the data protection officer, an overview of the legal foundations for the lawfulness of the processing of personal data, the application and conditions of consent as one of the legal foundations, the processing of special categories of data, technical and organisational measures which ensure that only personal data necessary for each special purpose of the processing are processed in an integrated way, the roles of controllers and processors, remedies, liability and sanctions, etc. During these trainings, the participants will have the opportunity to ask questions through which they can present problems they encounter in practice during the application of provisions of General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation.

How does the measure contribute to resolving the public issue? Raising the level of awareness about the importance of personal data protection as well as the rights and obligations of participants, controllers and processors, educating on the role, importance and tasks of Data Protection Officers as well as the overall implementation of all administrative and professional work that stems from the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation.

Why is this measure relevant to the values of the Open Government Partnership? Timely and continuous training is relevant for achieving the values of OGP because it increases the transparency of public authorities, and enables an interactive exchange of experiences from practice between participants and the Personal Data Protection Agency with the aim of facilitating and improving their work, within the framework of rights and obligations that stem from the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation.

Activities: Implementation start date: Implementation end date: 2.1. Conduct trainings on the aspects of regulations governing the area of personal data protection with an emphasis on the General Data Protection Regulation Underway December 2023

Number and title of activities: 2.1. Conduct trainings on the application of regulations governing the area of personal data protection with an emphasis on the General Data Protection Regulation Co-leaders: State School for Public Administration Implementation indicators: - Conducting trainings on the application of regulations governing the area of personal data protection with an emphasis on the General Data Protection Regulation - 6 per year The baseline value of result indicators: / Source of data and frequency of data collection: - Annual reports of the Personal Data Protection Agency, the website of the Personal Data Protection Agency Financial resources required (Source of funding and planned resources): Resources are assured from the State Budget, section 10995, State School for Public Administration, activity A677028 Implementation of professional development and training programmes, in the amount of HRK 7,740.00 per year and from section 250 Personal Data Protection Agency, activity A765000 Administration and management, and they relate to resources for the ordinary activities of the Agency. Implementation start date and implementation deadline: Underway – December 2023

Action Plan Review

Commitment 2. Implementing Legislation on Personal Data Protection

● Verifiable: Yes

● Does it have an open government lens? Yes

● Potential for results: Modest