Performing an impact assessment

The impact assessment is a reporting tool that helps controllers not only to comply with Regulation (EU) 2016/679 but also to demonstrate that appropriate measures have been taken to ensure compliance with the Regulation. It is required where a type of processing, in particular one using new technologies, is likely to pose a high risk to the rights and freedoms of individuals in view of the nature, scope, context and purpose of the processing. In that case, before the processing is carried out, the controller shall assess the impact of the envisaged processing operations on the protection of personal data.

A number of peculiarities should be taken into account when carrying out a data protection impact assessment. The impact assessment should preferably contain information on:

  • Purpose of the impact assessment procedure;
  • Cases in which an impact assessment is required;
  • Legal framework;
  • Basic information on impact assessment;
  • Objectives of the Data Protection Impact Assessment:
      – Description of the envisaged processing operations and the purposes of the processing;
      – An assessment of the necessity and proportionality of the processing operations in relation to the purposes;
  • An assessment of the risks to the rights and freedoms of data subjects and the measures envisaged to address the risks:
      – Risks related to breach of the integrity or confidentiality of the processed personal data and measures intended to address the risks;
      – Risks related to the loss of personal data processed and measures provided to address the risks;
      – Risks related to the exercise of the data subject’s rights under Regulation (EU) 2016/679;
      – Residual risk.

Due to the above-mentioned peculiarities that should be taken into account when carrying out a data protection impact assessment, it is advisable to seek assistance from a specialist with experience in this matter. Krasimira Kadieva will gladly assist you in the preparation of the impact assessment as required by Regulation (EU) 2016/679, since in her practice she has performed impact assessments for her clients.
