Evaluarea impactului asupra protecţiei datelor cu caracter
personal
The impact assessment on the personal data protection
Author(s): Jugastru CalinaSubject(s): Law, Constitution, Jurisprudence
Published by: Universul Juridic
Keywords: (EU) Regulation 2016/679; personal data; impact assessment; procedure; concept; purpose; object; responsible persons; criteria; contents;
Summary/Abstract: Impact assessment on the personal data protection is one of the new procedures initiated upon entry into force of the Regulation (EU) 2016/679, known as “General Data Protection Regulation”. The determining factor of the impact assessment is the high risk of the data processing over the rights ad freedoms of the natural persons. The new Regulation shall apply starting with 25 May 2018, so that the data subjects and the data controllers must acquaint with the increased requirements of the protection of the right to privacy (and of the protection of the other rights and freedoms). The procedure of the impact assessment is compulsory when the risk that the processing involves is high, in relation to the fundamental rights and freedoms. The criteria according to which the impact assessment is compulsory, arise from the text of the Regulation and from the working document drafted by the Working Group Art. 29 – Guide concerning the impact assessment on the data protection. The impact assessment on the personal data protection needs a series of preparatory documents, for the purpose of its practical use. Those responsible for processing are the decision-makers concerning the existence of the high risk for the rights and freedoms of the natural persons. The opinion of the person responsible for the data protection is important (in the cases where the appointment of the responsible person is compulsory), as the purpose of the assessment is to demonstrate the compliance of the data processing with the provisions of the Regulation. The Regulation contains the general framework of the impact procedure, as its provisions are applicable to all types of data processing. On the other hand, each field of activity has its own specific character, so that the methodologies at the sectoral level will comprise the specific criteria of the processing operations. The examples provided for in the Guide are useful, in terms of identifying the methodology of the impact assessment (time, responsible persons, contents of the assessment, cases in which the prior consultation of the supervisory authority is compulsory).
Journal: Revista Română de Drept Privat
- Issue Year: 2018
- Issue No: 01
- Page Range: 109-125
- Page Count: 17
- Language: Romanian
- Content File-PDF
