| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Siponen, Mikko", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Lipsanen, Tommi", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2021-11-26T06:31:41Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2021-11-26T06:31:41Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2021", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/78795", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Tietotekniikan hy\u00f6dynt\u00e4minen organisaatioiden toiminnassa on kasvanut viime vuosikymmenten aikana. Kasvu ei ole kuitenkaan tapahtunut ilman haasteita. On jo olemassa varoittavia esimerkkej\u00e4 isoista tietovuodoista, jolloin arkaluontoista tietoa on p\u00e4\u00e4tynyt v\u00e4\u00e4riin k\u00e4siin. Tietovuodon seurauksena voi synty\u00e4 aineellista tai aineetonta vahinkoa organisaatioille sek\u00e4 yksityisille henkil\u00f6ille. EU:ssa henkil\u00f6tietojen turvallisuuden eli tietosuojan haasteisiin on pyritty vastaamaan kokonaisvaltaisesti lains\u00e4\u00e4d\u00e4nn\u00f6ll\u00e4. Yleinen tietosuoja-asetus eli General Data Protection Regulation (GDPR) astui voimaan vuonna 2016, ja sit\u00e4 alettiin soveltamaan vuonna 2018. GDPR:n tavoitteena on muun muassa vastata EU:n tasolla teknologian kehityksen ja globalisaation tuomiin haasteisiin, vahvistaa s\u00e4\u00e4nn\u00f6t henkil\u00f6tietojen k\u00e4sittelyss\u00e4 sek\u00e4 suojella luonnollisten henkil\u00f6iden perusoikeuksia ja \u2013vapauksia, erityisesti oikeutta henkil\u00f6tietojen suojaan. GDPR koostuu 99 artiklasta ja siin\u00e4 asetetaan paljon s\u00e4\u00e4nn\u00f6ksi\u00e4 liittyen henkil\u00f6tietojen k\u00e4sittelyyn. Kyseess\u00e4 on iso kokonaisuus, ja sen ymm\u00e4rt\u00e4misess\u00e4 sek\u00e4 velvoitteiden noudattamisessa voi esiinty\u00e4 organisaatioille haasteita. GDPR:ss\u00e4 lis\u00e4ksi m\u00e4\u00e4ritell\u00e4\u00e4n virallisille valvontaviranomaisille valtuudet hallinnollisten sakkojen antamiselle GDPR:n s\u00e4\u00e4nn\u00f6sten rikkomisesta. Tutkimuksen kohteena oli tutkia GDPR:\u00e4\u00e4, ja tarkemmin sen artiklaa 32. Artikla 32 velvoittaa rekisterinpit\u00e4ji\u00e4 ja henkil\u00f6tietojen k\u00e4sittelij\u00f6it\u00e4 ottamaan huomioon monia asioita, kuten henkil\u00f6iden oikeuksiin ja vapauksiin kohdistuvat riskit, ja toteuttamaan asianmukaiset tekniset ja organisatoriset toimenpiteet henkil\u00f6tietojen k\u00e4sittelyn turvaamiseksi. Tutkimuksessa analysoitiin artiklan 32 vaatimusten rikkomisen seurauksena annettuja sakkop\u00e4\u00e4t\u00f6ksi\u00e4, jonka avulla pyrittiin ymm\u00e4rt\u00e4m\u00e4\u00e4n artiklan 32 vaatimuksia ja siin\u00e4 esiintyvien asianmukaisten teknisten ja organisatoristen toimenpiteiden k\u00e4sitteit\u00e4 paremmin. Tutkimus toteutettiin k\u00e4ytt\u00e4en k\u00e4siteanalyysi\u00e4 tutkimusmenetelm\u00e4n\u00e4. Tutkimuksen tuloksena nousi laaja kirjo konkreettisia toimenpiteit\u00e4 liittyen artiklan 32 vaatimuksiin asianmukaisista teknisist\u00e4 ja organisatorisista toimenpiteist\u00e4. N\u00e4it\u00e4 toimenpiteit\u00e4 olivat muun muassa monivaiheinen todentaminen, lokitietojen ker\u00e4\u00e4minen, henkil\u00f6kunnan s\u00e4\u00e4nn\u00f6llinen tietosuojakoulutus sek\u00e4 tietoisuus alan yleisess\u00e4 tiedossa olevista ohjeistuksista liittyen tietoturvallisuusriskeihin ja n\u00e4iden ohjeistuksien noudattaminen.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Utilization of information technology within the operations of organizations has increased in the recent decades. However, this has not happened without challenges relating to information technology. There are already warning examples of data breaches where sensitive information has fallen into the wrong hands. Data breach may result in material or non-material damage to organisations and individuals. EU has addressed the challenges relating to security of personal data i.e., data protection by means of comprehensive legislation. General Data Protection Regulation (GDPR) entered into force in 2016 and became applicable in 2018. The objectives of the GDPR includes meeting with the challenges posed by technological development and globalization, to lay down rules for the processing of personal data and to protect fundamental rights and freedoms of natural persons, in particular the right to the protection of personal data. The GDPR consists of 99 articles and lays down many provisions regarding the processing of personal data. The regulation covers a lot of details and there may be challenges for organizations in understanding it and meeting their obligations. The GDPR also defines power for the official supervisory authorities to impose administrative fines for not complying with the GDPR. The purpose of this study was to examine the GDPR, and in particular article 32 of the GDPR. In article 32 there is defined obligations for controllers and processors to consider many issues, such as the risks to the rights and freedoms of individuals, and to implement appropriate technical and organizational measures to ensure the security of processing personal data. The study was conducted using conceptual analysis as a research method. In the study there was analysis done on administrative fines relating to article 32 to gain a better understanding of the requirements of article 32 and the concepts of appropriate technical and organizational measures. Findings of the study revealed multiple concrete measures related to the requirements of article 32 on appropriate technical and organizational measures. These measures included for example multi-factor authentication, collection of log data, regular data protection training for staff, and awareness of publicly available guidelines regarding security risks and adherence to the guidelines.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2021-11-26T06:31:41Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2021-11-26T06:31:41Z (GMT). No. of bitstreams: 0\n Previous issue date: 2021", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "55", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "GDPR", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "artikla 32", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "GDPR:n artiklan 32 vaatimukset : k\u00e4siteanalyysi asianmukaisista teknisist\u00e4 ja organisatorisista toimenpiteist\u00e4", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202111265802", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietosuoja", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "henkil\u00f6tiedot", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "riskienhallinta", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|