摘要：

Purpose: Contemporary threats are characterized by unpredictability, vehemence and interpermeation, and affect almost all areas of society functioning. The emergence of the Covid-19 pandemic, caused by the SARS-CoV-2a virus, resulted in crisis threats associated with possible loss of life, health or material possessions, destabilization of economic development, or loss of conditions for free existence. The lack of clear guidelines on how to deal with such a situation has revealed the inadequacies of the crisis management systems, which are - by design - aimed at efficient prevention of such situations as well as safety assurance and development of conditions for further advancement, i.e., containment of threat escalation, to the extent possible. The historical review of various events, analysis of the examined organizations' practices as well as overview of the legislation have led the Authors to address the issue of personal data protection throughout the ongoing pandemic. The article is thereby aimed at cataloging the risks and development of guidelines for operation during the COVID-19 pandemic, with respect to personal data protection. Design/methodology/approach: For the purpose of the article, multiple case studies were conducted in various organizations, where one of the article co-authors acted as a professional Data Protection Officer. The research was carried out in 20 entities of different business profiles. Findings: The main problems identified involved: body temperature measurement consents, virus test result or immunization data sharing, introduction of COVID-19 questionnaires and visiting regulations, employers' epidemiological proceedings conduct, and remote work models. Practical implications: The study resulted in the formulation of recommendations, regarding the steps to be taken by organizations in order to establish a catalog of risks via the following: identification of the actual risks, conduction of a risk assessment, development of a catalog of appropriate undertakings and procedures, preparation and maintenance of forces and resources, as well as definition of the principles for interaction of the actors involved. Further, a recommendation for implementation of a schedule of operation, based on the crisis management guidelines, has been formulated. Consequently, the basis for effective organizational operation involves ongoing verification of the procedures against the Chief Sanitary Inspector's and the Ministry of Health's guidelines, as well as observation and ongoing update of the trends in the crisis management changes. Originality/value: By identifying a catalogue of risks and formulating guidelines for action during a COVID-19 pandemic in relation to data protection, this article can contribute to the discussion on appropriate practices and strategies in this area. Simultaneously, it provides a valuable perspective on the adaptation of organizations to the dynamic changes in crisis management in the context of the COVID-19 pandemic.

展开