Risk analysis and impact assessment relating to data protection: its application to cooperative companies
Abstract
The GDPR requires all businesses to conduct a risk analysis of their processing of personal data. If this analysis shows a high risk, a data protection impact assessment (DPIA) becomes mandatory in order to foresee the impacts and risks the processing may pose to the privacy of the interested parties. On this basis, the GDPR requires the implementation of security and control measures to guarantee the rights and freedoms of individuals. This paper analyses, on the one hand, when a cooperative society must carry out a DPIA and, on the other hand, the phases involved in conducting a DPIA correctly.
Received: 25 July 2019
Accepted: 21 February 2020
Published online: 01 April 2020
The authors, by submitting their manuscripts to the International Association of Cooperative Law Journal, accept the conditions listed below on copyright and undertake to comply with them.
1. Assignment of rights
The Publisher (University of Deusto) retains the copyright for this publication.
The authors, by submitting their manuscripts to the International Association of Cooperative Law Journal (BAIDC), without signing any document of assignment, grant to the Publisher (University of Deusto), royalty-free, the distribution, public communication, and reproduction rights of their work subject of publication in the International Association of Cooperative Law Journal (BAIDC), whichever the media may be, now known or developed in the future, for educational and scholarly purposes including the permission to include it in the databases where this Journal is indexed.
2. Authorship
The authors must be the sole creators of the work or legally acting on behalf of and with the full agreement of all the co-authors.
Authors warrant that no permissions or licences of any kind have been granted or will be granted that might infringe the rights granted to the Publisher (University of Deusto).
The authors assume the responsibility for obtaining all the necessary licences for the reproduction in their manuscripts of any text, material or illustration coming from another author, institution or publication.
3. Copyright and Code of conduct
Authors warrant that their work is original; has not been previously copyrighted or published in any form; is not under consideration for publication elsewhere; its submission and publication do not violate the Ethical Guidelines of the BAIDC and any codes (of conduct), laws or any rights of any third party.
4. Dissemination under Open Access regime
Upon its publication, the content of any Issue of the International Association of Cooperative Law Journal (BAIDC) can be accessed, read, downloaded, copied, and distributed freely for non-commercial purposes, without prior permission from the Publisher or the author, provided the original work is properly cited and any changes to the original are clearly indicated.
5. Reuse of the article by the authors
Authors retain the right to present, display, distribute, develop, and republish their work, as long as they clearly indicate in the first footnote that the work was published in the International Association of Cooperative Law Journal (BAIDC) for the first time, indicating the Issue number, year, pages, and DOI (if applicable).
Legal notice
Any use of the content of the paper against the rules set above in any medium or format, now known or developed in the future, requires prior written permission of the copyright holder.
The liabilities that may arise from complaints for publishing plagiarised articles are the sole responsibility of the authors.