|
|
The GDPR indicates that we must carry out a data protection impact assessment where a given type of processing - in particular using new technologies - is likely to result in a high risk to the rights and freedoms of natural persons due to its nature, scope, context and purposes.
This doesn't tell us much. All we see is that there are some data b2c email database processing operations that are likely to result in a high risk to the rights and freedoms of natural persons.
And such a situation may arise especially when data processing involves the use of new technologies.
However, this does not mean that every situation where we process personal data using new technologies will involve a high risk of violating the rights and freedoms of natural persons.
This concerns, for example, data processing operations that:
they interfere in a person's privacy in an above-standard way,
have a significant influence on it,
would result in significant negative consequences if data were leaked or lost.
Therefore, not every type of processing will require a DPIA. Particular attention should be paid if the processing involves the use of new technologies, and additionally:
if we carry out an assessment of personal factors relating to natural persons that is based on automated processing (including profiling) and is the basis for decisions that produce legal effects in relation to a natural person or otherwise have a significant impact on a given person;
in the event of large-scale processing of special categories of personal data (i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data, data concerning health, sex life or sexual orientation) or data relating to criminal convictions and offences;
when there is systematic, large-scale monitoring of publicly accessible places.
|
|
发表于 2024-7-31 01:27:39