64 Data protection impact assessment
64 Data protection impact assessment

(1)     Where a type of processing is likely to result in a high risk to the rights and freedoms of individuals, the controller must, prior to the processing, carry out a data protection impact assessment.

(2)     A data protection impact assessment is an assessment of the impact of the envisaged processing operations on the protection of personal data.

(3)     A data protection impact assessment must include the following—

(a)     a general description of the envisaged processing operations;

(b)     an assessment of the risks to the rights and freedoms of data subjects;

(c)     the measures envisaged to address those risks;

(d)     safeguards, security measures

Popular documents