EU General Data Protection Regulation (GDPR), third edition - An Implementation and Compliance Guide
by IT Governance
CHAPTER 11: RISK MANAGEMENT AND DPIAs
The Regulation notes that controllers and processors “should evaluate the risks inherent in the processing and implement measures to mitigate those risks”.196 This same consideration is mentioned several times throughout the Regulation, requiring the controller and the processor to take risks into account at many stages throughout the lifecycle of the personal data in question. Although it stops short of saying that the organisation should have an explicit risk management programme, it is clear that a systematic and comprehensive approach is the best way to ensure compliance.
Risk management is now a near-universal expectation of corporate management and, although smaller organisations might manage risk relatively ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access