

GDPR: QUESTIONS AND ANSWERS
Category: Risk
Is it permissible for a public administration body, pursuant to Article 35(10) of the GDPR, not to carry out a data protection impact assessment (DPIA) for the processing operations referred to in Article 6(1)(c) of the GDPR?
Does remote reading of heat meters require a data protection impact assessment (DPIA)?
Who's supposed to do the DPIA?
In a municipality's office, can the assessment of local government employees be a process that should be subject to an impact assessment?
Is a DPIA necessary for the introduction of remote work in the workplace?
Is it necessary to carry out a DPIA when implementing mLegitymacja in a school?
DPIA and balancing test: when are they required for monitoring and data processing?
DPIA obligation: type of large-scale processing operation?
What are the test scenarios for continuity plans?
Do we assess the risk before the safeguards are put in place?
For the purpose of risk assessment, should we not assess the level of risk both before the safeguards are applied and after the selected safeguards are applied?
In the case of risk identification at different levels, e.g. low, medium, high for different assets, do we take the highest value for that asset or do we identify the entire risk as the highest?
How to prioritize processes in a BCP?
If you have a risk analysis for the protection of personal data (not for the organisation), will it be sufficient for the continuity plan? Or should it be expanded?
I would like to know how to assess necessity and proportionality when implementing the privacy by design requirement?
Does the risk analysis under the GDPR require an assessment of inherent and residual risks?
Who should carry out the risk assessment and what is the role of the DPO in this regard?
Do we do a risk analysis for each operation and how often do we do it?
What is the basis for calculating probability?
What is the role of the DPO in risk analysis?
How should small organisations approach risk analysis?

