{"title":"It's all fun and games, and some legalese: data protection implications for increasing cyber-skills of employees through games","authors":"D. Povse","doi":"10.1145/3277570.3277580","DOIUrl":null,"url":null,"abstract":"In order to combat cyberattacks, an organisation can decide to train its employees. Improving cyber-skills of employees through educational games means their personal data will be processed and therefore it falls under the scope of the General Data Protection Regulation (GDPR). The goal of this paper is to address challenges that organisations are likely to face in practice, such as invalidity of employees' consent and over-intrusive monitoring. It argues that in order to approach training lawfully, organisations should (1) choose their external trainer with due diligence, (2) carry out a data protection impact assessment, and under certain circumstances (3) appoint a data protection officer.","PeriodicalId":164597,"journal":{"name":"Proceedings of the Central European Cybersecurity Conference 2018","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Central European Cybersecurity Conference 2018","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3277570.3277580","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
It's all fun and games, and some legalese: data protection implications for increasing cyber-skills of employees through games
In order to combat cyberattacks, an organisation can decide to train its employees. Improving cyber-skills of employees through educational games means their personal data will be processed and therefore it falls under the scope of the General Data Protection Regulation (GDPR). The goal of this paper is to address challenges that organisations are likely to face in practice, such as invalidity of employees' consent and over-intrusive monitoring. It argues that in order to approach training lawfully, organisations should (1) choose their external trainer with due diligence, (2) carry out a data protection impact assessment, and under certain circumstances (3) appoint a data protection officer.