Skip to content

Nature and Ideal Steps of the Data Protection Impact Assessment Under the General Data Protection Regulation

Atanas Yordanov

DOI https://doi.org/10.21552/edpl/2017/4/10



On 25 May 2018, a major new European Union data protection legislation act enters into force – the General Data Protection Regulation. Both the private and public sectors will have to comply with a new obligation in the Regulation – performing a Data Protection Impact Assessment (DPIA). This obligation is important for large, medium and small enterprises on a global level, because of the wide territorial scope of the law. The first part of the article aims to clarify the nature of the DPIA and proposes a definition for it. The second part offers a framework of the ideal steps of a DPIA, which should be taken in order to comply not only with the letter of the law, but also with its spirit.

Atanas Yordanov, LLM, ICT lawyer and freelance writer, Sofia, Bulgaria. For correspondence: <mailto:atanas.l.yordanov@gmail.com>. This article is based on the Master Thesis ‘Data Protection Impact Assessments under the General Data Protection Regulation’ submitted in fulfillment of the requirements of the Master of Laws: Advanced Studies Programme in Law and Digital Technology degree at Leiden Law School. The author would like to express his gratitude to Prof Bart Schermer for his supervision and aid throughout the time frame in which the thesis was formulated. His commentary was indispensable in clarifying some of the included concepts. The author would also like to thank Prof Bart Custers and Dr Esther Keymolen for their help.

Related Content

Atanas Yordanov
Category: Articles


Share


Lx-Number Search

A
|
(e.g. A | 000123 | 01)

Cite this article

Yordanov, A.
Nature and Ideal Steps of the Data Protection Impact Assessment Under the General Data Protection Regulation
European Data Protection Law Review
Volume 3, Issue 4 (2017)
pp. 486 - 495
DOI: https://doi.org/10.21552/edpl/2017/4/10

Export Citation