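In recent years, growing awareness of personal data protection has drawn worldwide attention to the GDPR. Because the consulting industry frequently handles clients' confidential information, GDPR compliance has become an important issue for it. To avoid risks such as heavy fines and reputational damage resulting from GDPR violations, firms need to manage personal data appropriately and strengthen their security measures. At the same time, improving the ability to respond to the GDPR helps win customer trust and expand business opportunities. This article gives people working in the consulting industry a beginner-level explanation of the GDPR, its impact, and the steps for responding to it.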
What is the GDPR? An explanation from the consulting industry's perspective
As regulation of personal data protection tightens around the world, the EU General Data Protection Regulation (GDPR), which the European Union (EU) brought into force in May 2018, is attracting attention. The GDPR is legislation that sets out in detail how personal data in the EU is to be protected and handled, and it has a major impact on companies and organizations doing business in the EU. In the consulting industry in particular, where clients' confidential information is handled frequently, responding to the GDPR has become an important issue. This article explains the GDPR and its impact from the perspective of the consulting industry.
Overview of the GDPR and its purpose
The GDPR is legislation intended to strengthen the protection of personal data within the EU. Its main features are the following.
- Strict rules on the handling of personal data
- Tighter regulation of transfers of personal data outside the EU
- Expanded rights for data subjects (individuals)
- Heavy fines for violations
The GDPR sets detailed rules for the whole lifecycle of personal data handling, including collection, use, storage, and deletion. Transfers of personal data outside the EU are also strictly regulated and require adequate safeguards. In addition, individuals, as data subjects, are granted various rights, such as the right of access to their own data and the right to erasure.
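The impact of the GDPR on the consulting industry
The consulting industry frequently handles clients' confidential information and is expected to manage personal data appropriately. The entry into force of the GDPR can be expected to have the following effects.
Impact | Details |
---|---|
Review of the data management framework | To comply with the rules on handling personal data, the data management framework needs to be reviewed. |
Stronger security measures | Security measures need to be strengthened to prevent leaks of, and unauthorized access to, personal data. |
Greater compliance awareness | Because fines for GDPR violations are heavy, raising consultants' compliance awareness is important. |
In particular, when client data is transferred outside the EU, adequate safeguards must be put in place. Firms must also be able to respond when individuals exercise their rights as data subjects.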
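The basic principles of the GDPR and their application to consulting work
The GDPR lays down the following six basic principles.
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
In consulting work, personal data must be handled appropriately in line with these principles. Specifically, the following is required.
- Clarify the purposes for which personal data is collected and used, and explain them to data subjects
- Collect and use personal data only to the extent necessary to achieve those purposes
- Ensure the accuracy of personal data and update it to the latest information as needed
- Set retention periods for personal data and promptly delete data that is no longer needed
- Take appropriate security measures to prevent leaks of, and unauthorized access to, personal data
With these principles in mind, it is important to consider how to respond to the GDPR across consulting work as a whole. In particular, processes relating to client contracts, project management, and data handling need to be reviewed.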
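The GDPR is a major challenge for the consulting industry, but it is also an opportunity to raise awareness of data protection and strengthen relationships of trust with clients. Understanding the GDPR's requirements and responding appropriately can contribute to the development of the consulting industry.
The importance of GDPR compliance in consulting work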
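Legal risks and penalties for GDPR violations
Because the consulting industry frequently handles clients' confidential information and personal data, GDPR compliance is extremely important. A company that violates the GDPR may be subject to heavy fines. The maximum fine is 4% of total worldwide annual turnover or 20 million euros (approximately 2.4 billion yen), whichever is higher, so there is a risk of serious financial loss. Furthermore, if a violation becomes public, it can do major damage to the company's reputation and credibility.
Examples of GDPR violations include the following.
- Inappropriate handling of personal data (use beyond the stated purpose, excessive collection, unauthorized access, and so on)
- Infringement of data subjects' rights (failure to respond to access requests, refusal of erasure requests, and so on)
- Failure to appoint a Data Protection Officer (DPO), or neglect of the obligation to report to the supervisory authority
- A data breach occurring without an appropriate response
These violations can expose a company to legal liability and can lead to the risk of civil litigation and criminal prosecution. Companies in the consulting industry therefore need to put in place an internal framework for GDPR compliance and provide thorough compliance training.
Winning customer trust and expanding business opportunities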
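Complying with the GDPR is more than the fulfilment of a legal obligation. It also matters for winning customer trust and expanding business opportunities. With awareness of personal data protection rising, companies that actively work on data protection can earn high regard from customers. In the consulting industry in particular, where trust with clients is the foundation of the work, the ability to respond to the GDPR can be a source of competitive advantage.
Companies that comply with the GDPR also find it easier to gain the trust of customers and partner companies in the EU, which leads to more business opportunities. Responding to the GDPR is a prerequisite for doing business in the EU, and companies that do not meet it risk being excluded from the market. Conversely, actively promoting the company's GDPR capability can help it win new customers and build partnerships.
In addition, responding to the GDPR is an opportunity to review the company's own data management framework and optimize its business processes. Appropriate management of personal data also leads to more efficient and higher-quality work, so long-term benefits can be expected as well.
Strengthening data protection and security measures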
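GDPR compliance is directly tied to stronger data protection and security measures. Because consulting work frequently involves clients' confidential information, the risk of information leaks is always present. Complying with the GDPR requires building an appropriate management framework for personal data and strengthening security measures. Specifically, the following efforts are required.
- Clarifying the purposes for which personal data is collected and used, and explaining them to data subjects
- Collecting only the minimum necessary personal data, in line with the data minimization principle
- Ensuring the accuracy of personal data and updating it regularly
- Setting retention periods for personal data and promptly deleting data that is no longer needed
- Introducing technical measures such as encryption and access control
- Providing education and awareness activities for employees
These efforts make it possible to manage personal data appropriately and strengthen security measures. It is important to spread awareness of data protection throughout the company and to pursue it as a company-wide effort. Conducting regular audits and reviews and running the PDCA cycle also enables continuous improvement.
In addition, a response plan for cyberattacks and data breaches is essential. A framework that allows a rapid and appropriate response should be in place in case an incident does occur. Through these efforts, it is important for the consulting industry to strengthen data protection and security measures and to earn the trust of clients.
GDPR response steps for consulting work
Reviewing and documenting personal data handling processes
The first step in responding to the GDPR in consulting work is to review and document the processes for handling personal data. Specifically, the following tasks are needed.
- Clarifying the purposes for which personal data is collected and used, and explaining them to data subjects
- Collecting only the minimum necessary personal data, in line with the data minimization principle
- Ensuring the accuracy of personal data and updating it regularly
- Setting retention periods for personal data and promptly deleting data that is no longer needed
- Establishing and documenting internal rules on the handling of personal data
Through these tasks, a firm can build an appropriate management framework for personal data and meet the GDPR's requirements. It is also important to share the documented rules within the company so that all employees carry out their work with the same understanding.
Appointing a Data Protection Officer (DPO) and the DPO's role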
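The GDPR requires companies that meet certain conditions to appoint a Data Protection Officer (DPO). The DPO's role is to oversee the appropriate handling of personal data and to drive the response to the GDPR. Specifically, the DPO carries out the following duties.
- Establishing internal rules on the handling of personal data and monitoring how they are applied
- Providing education and awareness activities for employees on the handling of personal data
- Conducting audits of personal data handling and proposing improvements
- Acting as the point of contact with the supervisory authority
- Responding to and reporting data breaches when they occur
Appointing a DPO makes it possible to put an appropriate management framework for personal data in place and to improve the ability to respond to the GDPR. The presence of a DPO also helps win customer trust. In the consulting industry, actively considering the appointment of a DPO is recommended.
Employee training and raising awareness of the GDPR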
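GDPR compliance depends on the understanding and cooperation of all employees. In the consulting industry in particular, where there are many occasions to handle personal data, every employee needs to recognize the importance of the GDPR and handle data appropriately at all times. The following efforts are effective for this.
- Holding regular training on the GDPR and on internal rules
- Creating and circulating guidelines on the handling of personal data
- Holding campaigns and events to raise awareness of data protection
- Introducing a mechanism for evaluating appropriate handling of personal data
- Sharing the latest information on the GDPR and encouraging active discussion
These efforts raise employees' awareness of the GDPR and embed appropriate handling of personal data. Greater employee awareness also leads to stronger data protection and security measures. In the consulting industry, it is important to focus on continuous employee training and on raising awareness of the GDPR.
Steadily carrying out the three steps above improves the ability to respond to the GDPR in consulting work, helping to avoid legal risk and win customer trust. The GDPR is also an opportunity to raise awareness of data protection and optimize business processes. An active response to the GDPR is called for in order to contribute to the development of the consulting industry.
Summary
Responding to the GDPR is an important issue for the consulting industry, directly tied to avoiding legal risk and expanding business opportunities. To avoid heavy fines and reputational damage from GDPR violations, firms need to manage personal data appropriately and strengthen security measures. At the same time, complying with the GDPR makes it possible to win customer trust and widen the possibilities for doing business in the EU. The key points of the response are reviewing and documenting personal data handling processes, appointing a Data Protection Officer, and raising awareness through employee training. An active response to the GDPR is desirable in order to contribute to the development of the consulting industry.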