No. 1/2017

Data protection impact assessments in the European Union: complementing the new legal framework towards a more robust protection of individuals 

Dariusz Kloza, Niels van Dijk, Raphaël Gellert, István Böröcz, Alessia Tanas, Eugenio Mantovani and Paul Quinn

ISSN 2565-9936 

 

Screenshot 2017 05 19 13.15.44

This paper provides recommendations for the European Union (EU) to complement the requirement for data protection impact assessment (DPIA), as set forth in the General Data Protection Regulation (GDPR), with a view of achieving a more robust protection of personal data.

In April 2016 the EU concluded the core part of the reform of its legal framework for personal data protection. The Union is currently preparing implementing measures and guidelines to give full effect to the new legal provisions before their applicability from May 2018. This reform introduces, among other ‘novelties’, a legal requirement to conduct a DPIA. However, this requirement bears a few weak points.

In order to remedy that by informing this on-going policy-making process, the present policy brief attempts to draft a best practice for a generic type of impact assessment, i.e. recommended for different areas (section II). Section III makes an early evaluation of how this best practice relates to the specific impact assessment requirement set forth in the GDPR, i.e. DPIA. These sections are preceded by succinct background information on impact assessments as such: definition, historical overview, and their merits and drawbacks (section I). Section IV concludes this paper by offering recommendations for complementing the DPIA requirement in the GDPR: (1) to expand the scope of the DPIA requirement in the GDPR; (2) to develop methods for conducting such an assessment; (3) to establish ‘reference centres’ on DPIA at data protection authorities (DPAs). This policy brief is addressed predominantly to policy-makers at the EU- and Member State-level, notwithstanding the potential interest it might gain from their counterparts elsewhere in the world.

 

Download the policy brief here!

Availability

Address: 

Pleinlaan 2

1050 Elsene, Brussels

Belgium

+32 2 629 24 60

dpialab@vub.ac.be 

www.dpialab.org

www.dpialab.brussels

www.vub.ac.be/LSTS/dpialab

 

About us

d.pia.lab

Brussels Laboratory for Data Protection & Privacy Impact Assessments

Research Group on Law, Science, Technology & Society (LSTS)

Faculty of Law and Criminology

Vrije Universiteit Brussel

 

 

 

Go to top