Developing a risk assessment methodology for data protection

It appears that all parties involved in the current negotiations of the proposed data protection regulation are happy with the risk-based approach adopted in the proposal. If the Council’s amendments make it in the final draft of the regulation, then data controllers under certain circumstances will have one more thing to worry about. They will be obligated to proactively carry out a data protection impact assessment (DPIA) before processing certain types of data that may present high risk to the data subjects. This precautionary approach is meant to strengthen the accountability requirements in the regulation, and to instill a risk management culture among data controllers. Weiterlesen