Engage the GDPR Specialists to establish whether a Data Protection Impact Assessment should be conducted in relation to your data processing.Data Protection Impact Assessment is a new legal institution introduced by the GDPR, which is aimed at assessing the risk related to individual data processing operations. It is mandatory to execute a Privacy Impact Assessment if the data processing is "likely to result in a high risk to the rights and freedoms of natural persons". The impact assessment is a procedure executed by the data controller at its own discretion, with the potential implication that the data controller is obliged to initiate preliminary consultations with the National Authority for Data Protection and Freedom of Information (NAIH) if the result of the impact assessment indicates that the processing of data would presumably incur high risk. According to Article 35 (7) of the GDPR, the Data Protection Impact Assessment covers the review of at least the following areas:
- systematic description of the proposed data processing operations and data processing objectives, including where appropriate, the legitimate interest to be validated by the data controller
- in light of the purposes of data processing, execution of necessity tests and proportionality reviews in relation to the data processing operations
- examination of risks relating to the rights and freedoms of the data subject, and
- presentation of the measures aimed at managing the risks, including any guarantees, security measures and mechanisms that serve to validate the protection of personal data and compliance with this regulation, taking into consideration the rights and legitimate interests of the data subject and other individuals.