Abstract [eng] |
The master‘s thesis examines the application of the provisions of the EU General Data Protection Regulation (GDPR) to genetic data. The first part of the thesis reveals the development of the concept of genetic data. The relation between genetic data and personal data is also analysed. In the first part the concept of genetic privacy, the issues of genetic data protection is also reviewed. Immediately afterwards the thesis reveals the main legal sources for the protection of genetic data, together with an overview of issues of mentioned sources. The second part focuses on the objectives and subject matter of the GDPR, also the territorial application of the GDPR in the context of genetic data. In addition, attention is paid to the concept of data subjects, data controllers and data processors. Finally, the concept of genetic data as special categories of personal data is reviewed. The third part of the thesis provides a detailed overview of the general rules of the GDPR in the context of genetic data. First of all, the peculiarities of the basic principles of BDAR in the regulation of genetic data are explored. Then it proceeds to an analysation of the main features of the rights of data subjects and an overview of how these rights can be implemented in the process of processing genetic data is also done. It is emphasized that the implementation of both the principles and the rights of data subjects are an integral part of the processing of genetic data. In the last - fourth - part of the master 's thesis, a consistent analysis of the BDAR special rules applicable to the processing of genetic data is made. First, the most common exceptions that make the processing of genetic data possible (such as the consent of the data subject, the important public interest, the purpose of the research and the case where the data are clearly published) are identified. Later on, data protection impact assessment as a measure to be usually taken before starting processing genetic data is also discussed. Finally, the appointment of a Data Protection Officer is considered. The appointment of mentioned officer is necessary if the processing of the genetic data is considered to be the main activity of the controller and is carried out on a large scale. |