Another of the major novelties of the GDPR is the incorporation of the "risk approach". Under this approach, the GDPR states that the measures aimed at ensuring compliance must take into account the nature, scope, context and purposes of the processing, as well as the risk to people's rights and freedoms.
According to this approach, some of the measures that the GDPR establishes should only be applied when there is a high risk to rights and freedoms, while others should be modulated according to the level and type of risk presented by the processing.
Therefore, the application of the measures provided for by the GDPR must be adapted to the characteristics of each organisation. What may be appropriate for an organisation handling the data of millions of data subjects, in complex processing involving sensitive personal information or large volumes of data about each affected person, is not strictly necessary for a small entity carrying out a limited volume of non-sensitive data processing. You will also need to review and update the measures when necessary.