"/>

PAe - AEPD publishes a model of report to assist public administrations to conduct evaluations impact on data protection
the accesskey _ mod _ content

The AEPD publishes a model of report to assist public administrations to conduct evaluations impact on data protection

12 July 2019

Collects all aspects that must be taken into account by the AAPP to produce a report of impact assessment (EIPD), complementing the practical guide published by the agency

The Spanish Agency of data protection (AEPD) has published a Model of impact assessment report on data protection (EIPD) dirigido a Administraciones Públicas con el fin de facilitar la realización de estas evaluaciones y desarrollado a partir de la Practical guide for impact assessments in data protection (Opens in new window) , publicada por la AEPD. El modelo ha sido elaborado en colaboración con el Ministerio de Trabajo, Migraciones y Seguridad Social y el Centro de Seguridad de la Información de la Gerencia de Informática de la Seguridad Social.

Entre las obligaciones que el Reglamento General de Protección de Datos (RGPD) impone a los responsables del tratamiento se encuentra la necesidad de evaluar el impacto de las actividades de tratamiento en la protección de datos cuando resulte probable que dicho tratamiento pueda entrañar un alto riesgo para los derechos y libertades de las personas. 

The model collects all aspects that must be taken into account to produce a report of impact assessment, among which is the description of treatment, the legal basis which justifies, analyses of treatment, the obligation to make a EIPD or performance, as well as measures to reduce the risk, an action plan and a paragraph of findings and recommendations.

While this model is not directed at responsible make data treatments low risk, where it is not mandatory to make an impact assessment can be assessed the possibility of carrying out this analysis with other purposes, such as an in-depth study treatment; improve the overall management of processes of an organization; generate knowledge and culture of data protection, or take responsibility proactive.

Original source of the news (Opens in new window)

  • Administrative cooperation
General access point
 
General access point