Data protection impact assessment

17. May 2024
cropped LogoHeader 1

My first podcast is online – experimenting with a new medium

26. August 2024

The growing popularity of “just chatting” among influencers and streamers

26. August 2024
Preparing for the Digital Service Act as a business

Digital employment contracts: Soon to be a reality at last

26. August 2024
Interstate Broadcasting Treaty: Probably no gamer privilege for streamers!

Copyright infringement on YouTube: Warning also necessary after complaint proceedings

26. August 2024
lawyer is providing information about the client s 2022 10 06 05 57 37 utc

Unjustified termination and claim for damages with influencer agencies

26. August 2024
YouTube: What to do about copyright extortion?

YouTube is only liable under Art. 6 DSA if the infringement is reported with sufficient specificity

26. August 2024

Why millions of websites currently have an incorrect legal notice ;-)

13. August 2024

No compensation for scraping incidents on Facebook

13. August 2024
SEO and law – a balancing act between visibility and security

SEO and law – a balancing act between visibility and security

13. August 2024

Blockchain and AI in law – new territory or proven terrain?

13. August 2024

Covert non-cash formation: an underestimated risk for startups

13. August 2024

Key Learnings from my presentation: Navigating the Complex World of AI and Law

13. August 2024
No Result
View All Result
Kostenlose Kurzberatung
No Result
View All Result
Willkommen in der Wissensdatenbank von ITMediaLaw
Kategorien
Inhaltsverzeichnis

Tags

Advice Bgh Blockchain Blog Case law Computer Computer game Consumer Contracts Copyright Damages Development digital Esports E‑mail Facebook Federal court Frankfurt Google Hamburg Influencer Information internet Judgment KI Laws Lawsuit Lawyer Legal certainty Legal question Liability Mail Model olg Portal Privacy right Security Server service Software Sponsor Termination Test Warning

All Blog Posts

Marian Härtel als Esport Anwalt

Data protection impact assessment

A data protection impact assessment (DPIA) is a process designed to identify, assess, and manage the risk posed to individuals by an organization’s use of a particular technology or system to their fundamental rights. It is governed by Article 35 of the General Data Protection Regulation and in most cases replaces prior checking by the supervisory authority.

Requirements

A data protection impact assessment shall be carried out where, due to the nature, scope, circumstances and purposes of the processing, there is likely to be a high risk to the rights and freedoms of natural persons. This is especially the case with:

  • Systematic and comprehensive assessment of personal aspects relating to natural persons which is based on automated processing, including profiling, and which in turn serves as a basis for decisions which produce legal effects concerning natural persons or similarly significantly affect them
  • Extensive processing of special categories of personal data pursuant to Article 9(1) or of personal data relating to criminal convictions and offenses pursuant to Article 10 GDPR
  • Systematic extensive monitoring of publicly accessible areas

In addition, a data protection impact assessment must be carried out if it is on the positive list pursuant to Article 35(4) of the General Data Protection Regulation of the competent supervisory authority.

Content

At a minimum, the impact assessment includes the following:

  • A systematic description of the intended processing operations and the purposes of the processing, including, where appropriate, the legitimate interests pursued by the controller
  • An assessment of the necessity and proportionality of the processing operations in relation to the purpose
  • An assessment of the risks to the rights and freedoms of data subjects pursuant to paragraph 1 and
  • The mitigating measures envisaged to address the risks, including safeguards, security measures and procedures ensuring the protection of personal data and demonstrating compliance with this Regulation, taking into account the rights and legitimate interests of data subjects and other data subjects

Processing operation

The term “processing operation” is not legally defined. The German supervisory authorities understand processing operations to be “the sum of data, systems (hardware and software) and processes”.

Veröffentlicht
Aktualisiert

Leave a Reply

Your email address will not be published. Required fields are marked *

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
Kostenlose Kurzberatung