Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Spain: AEPD publishes new risk management and DPIA guide

The Spanish data protection authority ('AEPD') published, on 29 June 2021, a new guide on risk management and carrying out a Data Protection Impact Assessment ('DPIA'), comprising interpretations of the AEPD, European Data Protection Board ('EDPB') and European Data Protection Supervisor ('EDPS'). In particular, the guide is aimed at data controllers, processors, and data protection delegates assisting in compliance with data protection regulation, and is applicable to any processing, irrespective of its level of risk. In addition, the guide incorporates the guidelines to carry out a DPIA, and where necessary prior consultation with the AEPD, in accordance with Article 36 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

Alongside the guide, the AEPD has presented its 'Evaluate-Risk GDPR' tool, which helps data controllers and processors identify the risks to the rights and freedoms of the interested parties that are present in the processing, make a first assessment of the risk, including the need to carry out a DPIA, and estimate the residual risk if measures and guarantees are used to mitigate the risks.

You can read the press release here, the guide here, and access the tool here, all only available in Spanish.