Under the General Data Protection Regulation (GDPR), controllers must now:
Keep a record of their processing activities (see here for more details); and
Carry out a Data Protection Impact Assessment (DPIA) where the data processing is likely to result in a high risk to the rights and freedoms of the data subjects.
A DPIA is a process designed to describe the processing, assess its necessity and proportionality, and manage the risks to individuals’ rights and freedoms resulting from that processing.
Under the European General Data Protection Regulation (GDPR), controllers (companies or public authorities using personal data for their purposes) are subject to new and/or more specific obligations than under the previous legislation (i.e. Directive 95/46/EC).
Data controllers’ obligations under the GDPR are set out below.