In such cases, a data protection impact assessment should be carried out by the controller prior to the processing in order to assess the particular likelihood and severity of the high risk, taking into account the nature, scope, context and purposes of the processing and the sources of the risk. That impact assessment should include, in particular, the measures, safeguards and mechanisms envisaged for mitigating that risk, ensuring the protection of personal data and demonstrating compliance with this Regulation.
GDPR Recital EN
Recital 90
Related across sources
Guidance Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation Guidance ARTICLE 29 DATA PROTECTION WORKING PARTY Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020 Guidance Guidelines 01/2021 Guidance Guidelines 05/2020 on consent under Regulation 2016/679 Guidance Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679