IDEAS home Printed from
   My bibliography  Save this book chapter

Compliance Management of GDPR in Healthcare Environment (University Medical Centre Ljubljana Case)


  • Marko Zebec Koren

    (University Medical Centre Ljubljana)


The article presents the starting points and activities of the University Medical Centre Ljubljana before and after European parliament adopted EU Regulation on Personal Data Protection in May 2016. UMC Ljubljana has designed/developed a four-dimensions scheme to help ensure compliance. Thus, we are dealing with the normative level, the procedural level, the technological level and the cultural level. Many of us are involved in the process of dealing with personal data. Many of us are involved in the process of dealing with our personal data, donating personal data, and sometimes selling it to corporations and institutions, at the same time. However, we can be the ones who in our professional environments encounter the personal data of other individuals and look at them, collect them, delete them, in short, process them. The EU regulation on personal data protection (with the "infamous" abbreviation GDPR) brings before us, on the one hand, a fundamental consideration of the nature and role of personal data and, on the other hand, a wealth of challenges, dilemmas, concerns and activities related to this area. The starting point in understanding the protection of personal data is "I am the owner of my personal data". To process personal data, each organization must have a legal basis. The collection and processing must be compliance with legal obligation, personal consent, contractual relationship, legitimate or public interest and protection of the vital interests of the individual. The collection and processing of personal data must be as small as possible and proportionate in regard to the purpose of the collection of the data. The data controller or processor of personal data must protect my data well enough. Thus, we can establish a framework here that gives us a tool in assessing and establishing the field of personal data protection.

Suggested Citation

  • Marko Zebec Koren, 2020. "Compliance Management of GDPR in Healthcare Environment (University Medical Centre Ljubljana Case)," MIC 2020: The 20th Management International Conference,, University of Primorska Press.
  • Handle: RePEc:prp:micp20:277-282

    Download full text from publisher

    File URL:
    File Function: full text
    Download Restriction: no


    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:prp:micp20:277-282. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Alen Jezovnik (email available below). General contact details of provider: .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.