Ocena skutków dla ochrony danych

Thumbnail Image

Files

SPP 2020(30)2_Aleksandra_Pyka.pdf (212 KB)

Date

2020

Authors

Advisor

Editor

Journal Title

Journal ISSN

Volume Title

Publisher

Wydawnictwo Naukowe UAM

Title alternative

Data Protection Impact Assessment

Abstract

This article deals with the issue of impact assessment for the protection of personal data. This is a new obligation for the controller. The article presents the essence of impact assessment (DPIA), exclusion from the obligation to carry it out, the prerequisite for mandatory DPIA, the role of the data protection officer and the powers of the supervisory authority. The analysis of legal provisions related to the impact assessment presented here does not refer to specific situations, due to the wide scope for interpreting specific phrases contained in the General Regulation. Nevertheless, the article discusses the issue of conducting data protection impact assessments as one of the most problematic obligations incumbent on the controller, who in practice raises many doubts. The DPIA has been imprecisely regulated by the EU legislator, thus leaving controllers plenty of leeway to interpret the terms used in the General Regulation. In addition, carrying out a DPIA in practice (as a new obligation on entities setting the purposes and means of data processing) can be problematic due to the lack of harmonized methods for conducting a data protection impact assessment. However, controllers cannot assign DPIA implementation to other entities involved in data processing, such as an entity processing personal data on behalf of another. Entities setting the purposes and methods of data processing should not only take into account the provisions of the General Regulation but also a list of data processing operations that are obligatorily subject to DPIA. Controllers fulfilling the obligation to carry out a data protection impact assessment will be obliged by the supervisory authority to demonstrate how to carry out a data protection impact assessment.

Description

Sponsor

Keywords

data protection impact assessment, DPIA, data controller, risk, personal data

Citation

Studia Prawa Publicznego nr 2(30), 2020 s. 161-180.

ISBN

URI

http://hdl.handle.net/10593/25946

DOI

https://doi.org/10.14746/spp.2020.2.30.6

Title Alternative

Rights Creative Commons

Creative Commons License

Collections

Studia Prawa Publicznego, 2020, Nr 2 (30)
Repository logo

Adam Mickiewicz University Repository

is a repository of the Adam Mickiewicz University in Poznan. The purpose of the repository is to disseminate the scientific output of employees and to promote research conducted at UAM.

  • Biblioteka Uniwersytecka UAM

  • ul. F. Ratajczaka 38/40, Poznań

  • Telefon: (61) 829-3878

  • E-mail: amur@amu.edu.pl


Sprawdź czy wydawca pozwala na zamieszczenie opublikowanych artykułów w repozytorium - SHERPA (Romeo)

Follow us on Twitter
Uniwersytet im. Adama Mickiewicza w Poznaniu
Biblioteka Uniwersytetu im. Adama Mickiewicza w Poznaniu
Ministerstwo Nauki i Szkolnictwa Wyższego