Abstract

Data processing impact assessment is an element of the new approach to the issue of personal data security. Data administrators will themselves assess the impact of planned processing operations on civil rights and freedoms. In certain cases the assessment will be mandatory. If the risk of violating rights or freedoms turns out to be high, planned processing must be consulted with the supervisory authority. Insufficient identification of risk or failure to consult the supervisory authority when it is mandatory may result in a penalty being imposed by the authority.