A PROPOSED METHODOLOGY FOR CONDUCTING DATA PROTECTION IMPACT ASSESSMENT AND RISK ASSESSMENT IN AN ORGANIZATION
DOI:
https://doi.org/10.46687/jsar.v18i1.284
Keywords:
Personal Data, GDPR, Risk Management, Risk Assessment, Data Protection Impact Assessment
Abstract
Two years after the enforcement of the General Data Protection Regulation (GDPR), many organizations in Bulgaria are still experiencing problems with its implementation. Part of the reason is the lack of methodological guidelines from the Bulgarian data protection authority (CPDP) on how to assess and manage the risk associated with the processing of personal data. Presented here is a basic structure of such a methodology, which can be used by organizations in the public and private sectors alike. It is heavily influenced by the principles adopted by the French data protection authority (CNIL), which was the first to introduce such guidelines. The methodology can be implemented as is, or expanded according to specific organizational needs.
License
Copyright (c) 2023 JOURNAL SCIENTIFIC AND APPLIED RESEARCH
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.