TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

According to an opinion issued by the European Data Protection Board, businesses looking to process biometric, genetic or location data do not have to automatically conduct a data protection impact assessment first in order to comply with the EU General Data Protection Regulation, reports. The opinion differs from guidance offered by the U.K. Information Commissioner’s Office, and while the ICO is not required to update its guidance, it will need to justify the reason for not doing so if it chooses to. In a statement, an ICO spokesperson said it is "considering the European Data Protection Board’s recommendations and will provide a response in the coming weeks."
Full Story

1 Comment

If you want to comment on this post, you need to login.

  • comment Stuart Thomas CIPP/E • Oct 13, 2018
    If you read the other EDPB notices, it has said the same to most of the EU Supervisory Authorities. And in any case, DPIA's are relatively easy to do, and to have a record of no-harm, is probably a good risk management approach anyway; ethically, it not legally - some projects might not be of high risk, but are weakened by a lack of good security controls - which could be unpicked from a DPIA - which without could undermining other IT or processing environments where there are a large amounts of sensitive personal information.