Marian Härtel
Welcome to the knowledge base on ITMediaLaw
Data protection impact assessment

A data protection impact assessment (DPIA) is a process designed to identify, assess, and manage the risks that an organization’s use of a particular technology or system poses to the fundamental rights of individuals. It is governed by Article 35 of the General Data Protection Regulation and in most cases replaces prior checking by the supervisory authority.

Requirements

A data protection impact assessment shall be carried out where, due to the nature, scope, circumstances and purposes of the processing, there is likely to be a high risk to the rights and freedoms of natural persons. This is especially the case with:

  • Systematic and comprehensive assessment of personal aspects relating to natural persons which is based on automated processing, including profiling, and which in turn serves as a basis for decisions which produce legal effects concerning natural persons or similarly significantly affect them
  • Extensive processing of special categories of personal data pursuant to Article 9(1) or of personal data relating to criminal convictions and offences pursuant to Article 10 GDPR
  • Systematic, extensive monitoring of publicly accessible areas

In addition, a data protection impact assessment must be carried out if the processing operation is on the positive list of the competent supervisory authority pursuant to Article 35(4) of the General Data Protection Regulation.

Content

At a minimum, the impact assessment includes the following:

  • A systematic description of the intended processing operations and the purposes of the processing, including, where appropriate, the legitimate interests pursued by the controller
  • An assessment of the necessity and proportionality of the processing operations in relation to the purpose
  • An assessment of the risks to the rights and freedoms of data subjects pursuant to paragraph 1 and
  • The mitigating measures envisaged to address the risks, including safeguards, security measures and procedures ensuring the protection of personal data and demonstrating compliance with this Regulation, taking into account the rights and legitimate interests of data subjects and other persons concerned

Processing operation

The term “processing operation” is not legally defined. The German supervisory authorities understand processing operations to be “the sum of data, systems (hardware and software) and processes”.
