Article 35 of the GDPR stipulates that a processor must carry out a Data Protection Impact Assessment (DPIA) before starting processing data that may lead to high risk for the data subjects. A DPIA is particularly important before processing that involves new technology, profiling, automated decision-making that has legal effects on the individual and if it involves special categories of personal data etc.
The purpose of a DPIA is to map out the risks related to the processing and implement routines and safeguards to mitigate them. A DPIA is also an important measure to demonstrate accountability, in accordance with the article 5(2) of the GDPR.
Do your legitimate interest assessments stand up to scrutiny?
Connect with leading experts to secure your documentation before an audit. Ask for a second opinion from our experts. Track record with leading European startup, mid-size companies and listed global enterprises.
Get a quote today from the business law firm Sharp Cookie Advisors