Spain: AEPD publishes new risk management and DPIA guide
The Spanish data protection authority ('AEPD') published, on 29 June 2021, a new guide on risk management and carrying out a Data Protection Impact Assessment ('DPIA'), comprising interpretations of the AEPD, European Data Protection Board ('EDPB') and European Data Protection Supervisor ('EDPS'). In particular, the guide is aimed at data controllers, processors, and data protection delegates assisting in compliance with data protection regulation, and is applicable to any processing, irrespective of its level of risk. In addition, the guide incorporates the guidelines to carry out a DPIA, and where necessary prior consultation with the AEPD, in accordance with Article 36 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').
Alongside the guide, the AEPD has presented its 'Evaluate-Risk GDPR' tool, which helps data controllers and processors identify the risks to the rights and freedoms of the interested parties that are present in the processing, make a first assessment of the risk, including the need to carry out a DPIA, and estimate the residual risk if measures and guarantees are used to mitigate the risks.
You can read the press release here, the guide here, and access the tool here, all only available in Spanish.