Amendment LIBE #2016

Article 32+

Article 32a Data protection risk analysis 1. The controller shall carry out a risk analysis with regard to data processing operations, assessing whether at least two of the risk factors referred to under Article 5b(1) to (10) exist. 2. Where at least two of the risk factors referred to under Article 5b(1) to (10) exist, the controller or the processor acting on the controller's behalf shall carry out a data protection impact assessment pursuant to Article 33. 3. Where less than two of the risk factors referred to under Article 5b(1) to (10) exist, the risk analysis and its findings shall be documented. 4. The risk analysis shall be reviewed at the latest after one year, or immediately, if the nature, the scope or the purposes of the data processing operations change significantly.

Current Data Privacy Rating is : stronger    Alexander Alvaro Germany ALDE


comments powered by Disqus