The Article 29 Working Party has published this week its “last revised” guidelines on data protection impact assessments and determining whether processing is “likely to result in a high risk” for the purposes of the GDPR. The DPIA is a “process” that, according to GDPR Article 35, at a minimum, systematically describes an organization’s processing operations and their purposes and assesses their necessity and proportionality, the risks they present to the rights and freedoms of data subjects, and the measures, safeguards, and mechanisms intended to address risks, so as “to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned.” IAPP Westin Fellow Muge Fazlioglu, CIPP/US, has the details of WP29's final thoughts on the matter.
Read More
Comments
If you want to comment on this post, you need to login.