Analiza ryzyka i ocena skutków dla ochrony danych osobowych przetwarzanych w podmiotach sektora publicznego

Abstract

The European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC, introduced a new one, a proactive model of protection of personal data processed in the organization, based on a risk-based approach. It imposed some new obligations on the administrators, related to conducting analysis of the risk of violation of the rights and freedoms of the persons, whose data they process. Considering the scope, scale and categories of personal data processed, public sector entities face a huge challenge to meet the restrictions of the EU legislator. An additional difficulty is often a very extensive organizational structure, complicated processing processes, limited financial resources and unadjusted IT systems. The article discusses the issues of risk analysis and impact assessment for the protection of personal data processed in the public sector, in order to meet the requirements of the GDPR. The key issue in this respect is the adoption of an appropriate methodology in the risk estimation process, because properly carried out, it enables the implementation of security measures adequate to potential threats.