Contact
When you consider starting the processing of personal data, it is necessary to carry out an analysis of the risks that this processing may imply for the rights and freedoms of natural persons. This analysis, which must always be properly documented, must take into account:
- The state of the art.
- Application costs.
- The scope, context and purposes of the processing.
Once the risks have been identified, it will be necessary to adopt the measures that minimise the probability and severity derived from the data processing operations. These measures may consist, among others, of data pseudonymisation, encryption or implementing verification systems.
Additionally, if you are a public sector entity you must follow the guidelines of the National Security Scheme, in the sense of also implementing the relevant security measures in accordance with the corresponding system category. To carry out this risk analysis, you need to use an internationally recognised methodology.
It is very important that you document in detail the risk analysis processes that have been carried out to comply with the principle of proactive responsibility.