Before and after enforcement of GDPR : personal data protection requests received by Croatian Personal Data Protection Agency from academic and research institutions / Livia Puljak, Anamarija Mladinić, Ron Iphofen, Zvonimir Koporc.
Sažetak

Introduction The European Union’s (EU) General Data Protection Regulation (GDPR) was put in force on 25th May 2018. It is not known how many personal data protection requests the national authority in Croatia had received before and after GDPR, and how many of those were related to research. Materials and methods We obtained data from the Croatian Personal Data Protection Agency (CPDPA) about requests/complaints related to personal data protection that were received specifically from academic/research institutions, specifically the number and type of all cases/requests between the years 2015-2019. Results In 2018, CPDPA had a dramatic increase in the number of requests in the post-GDPR period, compared to the pre-GDPR period of the same year. In 2019, CPDPA received 2718 requests/complaints; less than in the year 2018. From 2015 to 2019, CPDPA received only 37 requests related to research. Conclusions Very few requests about personal data protection from academic and research institutions in Croatia were submitted to the national Croatian data protection authority. Future studies could explore whether researchers have sufficient awareness and knowledge about personal data protection related to research, to adequately implement the GDPR regulations.