TECHNICAL AND LEGAL ASPECTS OF DATABASE'S SECURITY IN THE LIGHT OF IMPLEMENTATION OF GENERAL DATA PROTECTION REGULATION

In the modern era, information is not only a valuable commodity, but also a potential source of threat, especially when it comes to personal data. The implementation of the General Data Protection Regulation seeks to unify regulations and safeguards in a same manner across the EU. The following paper surveys how the legal aspects of GDPR influence the existing technical framework of databases containing personal data. In this research we want to show if the already existing technical infrastructure and safeguards implemented in databases containing personal data are sufficient and if not, if implementing new ways of protecting of data will require creating entire new system of databases or only changing of existing framework. Therefore, we combine an analysis of legal texts with a technical analysis of existing and newly implemented safeguards. While the GDPR doesn't answer what safeguards should be implemented (in the spirit of technological neutrality), the notion of pseudonymisation of the data is strongly advocated through the Regulation. In our paper we tried to show the algorithm, which create a pseudonymisation function that can change personal data into generic data with the possibility to reverse that process ad utilise data after de-pseudonymisation. Implementing safeguards based on the following function create a more safe environment for data safekeeping, while give nearly immediate access to data for authorised person, who can reverse pseudonymisation and transform generic data once more into personal data.