Abstract:

The introduction of the General European Data Protection Regulation (GDPR) is the most important change in data protection legislation in the EU and globally in recent years. The new EU Regulation 2016/679 imposes numerous paradigms shifts that induce conceptual and approach changes across all personal data providers. The EU Regulation 679/2016 entered into force on May 25, 2018. In this context, Romania, together with the EU Member States aligned with the requirements imposed by the Regulation, with organizations having the obligation to introduce all the personal data protection.

National Institute for Research and Development in Informatics - ICI Bucharest offers numerous services (research-development-innovation services, domain registration .ro, electronic fiscal tax markers, ICIPRO - institutional cloud) that process personal data from data from research and development projects until identification data of the legal representatives of institutions requesting space in the institutional cloud.

Because ICI Bucharest is the most important research and development institute from Romania in the ICT field, it was absolutely natural to develop projects for the implementation of the GDPR Regulation in the area of interest. Thus, ICI Bucharest has developed the research project named "Intelligent Platform for Personal Data Protection Management at the central public administration (Smart_GDPR_AP)”, in which it aims to develop a platform to provide the necessary support to all public institutions that are operator of personal data.

In this context, the proposed project comes to the attention of all data operators, especially those in the public administration, by providing a smart platform that will allow the DPO (Data Protection Officer) of the institution to access tools, working methods and methodologies, as well as good practice guides on the whole complex system for processing personal data.

Another important objective of this project is training and development the specialized staff that is mandatory in every public institution. This is the DPO, whose role is extremely important in any personal data service provider and is a unique access point of the institution with the The National Supervisory Authority for Personal Data Processing. Additionally, the platform provides the opportunity to promote a general awareness policy for all users who process / own personal data.

The GDPR training and awareness program offered by us has as a main objective the acquisition and development of competences regarding the processing of personal data and the understanding of the importance of the protection of these data in the context of different processing.

The program consists of 8 training modules, with a duration of about 40 hours, with a weekly distribution, but accessible according to the student's needs. Each module contains a theoretical, interactive module that uses game-based self-learning methods, interactive phrases puzzles, and an application part with problem-solving methods based on scenarios the student needs to solve.

We developed this program for ROTLD (Romanian Top-Level Domain Department) clients, through Lifelong Learning Center. The Center is a department of ICI Bucharest with the positive results in training in ICT field. So, we design and implement this research project with double scope: to developed the platform and to train the numerous DPO and other specialists in data protection for Romanian public institutions.

Keywords:

GDPR, training program, DPO, research project.