Guidance on the implementation of appropriate measures and on the demonstration of compliance by the controller or the processor, especially as regards the identification of the risk related to the processing, their assessment in terms of origin, nature, likelihood and severity, and the identification of best practices to mitigate the risk, could be provided in particular by means of approved codes of conduct, approved certifications, guidelines provided by the Board or indications provided by a data protection officer. The Board may also issue guidelines on processing operations that are considered to be unlikely to result in a high risk to the rights and freedoms of natural persons and indicate what measures may be sufficient in such cases to address such risk.
GDPR Recital EN
Recital 77
Related across sources
Guidance Version history Guidance Guidelines 01/2022 on data subject rights - Right of access Guidance Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020 Guidance Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation Guidance Guidelines 04/2022 on the calculation of administrative fines under the GDPR