Fragen & Antworten

Does my company have to carry out data protection impact assessment according to the GDPR?

As of May 2018, the responsible person has to carry out a data protection impact assessment in advance, if a form of processing of person-related data causes an anticipated high risk for the affected person due to type, scope, circumstances and purpose of the processing. Here, an assessment of the consequences for the protection of person-related data must be carried out already in advance. This will especially be the case when new technologies in data protection are implemented. The data protection impact assessment must at least contain the following contents:

  • A systematic description of the processing procedures and their purpose including the employers´ interests
  • A purpose-related assessment of the necessity and reasonability of the processing procedures
  • An assessment of the risks and liberties of the affected people, which can result from the type of processing
  • Planned measures of risk minimisation, such as guarantees, safety precautions and procedures to protect person-related data
Fragen und Antworten zu allen Rechtsthemen