Jusletter IT

Why the GDPR Risk-Based Approach is About Compliance Risk, and Why it’s Not a Bad Thing

  • Author: Raphaël Gellert
  • Category: Articles
  • Region: Belgium
  • Field of law: Data protection
  • Collection: Conference proceedings IRIS 2017
  • Suggested citation: Raphaël Gellert, Why the GDPR Risk-Based Approach is About Compliance Risk, and Why it’s Not a Bad Thing, in: Jusletter IT 23 February 2017
The risk-based approach to data protection has stirred considerable controversy, with the main criticism being that it runs directly counter to the fundamental-right nature of the right to personal data protection. Given the latter, and following the opinion of the Article 29 Working Party, the General Data Protection Regulation (GDPR) has adopted a risk-based approach that is limited to matters of compliance. This presentation explores what exactly is meant by such a compliance-oriented risk-based approach and, more particularly, how it can nonetheless take into account the whole spectrum of the data subjects’ fundamental rights and freedoms affected by data processing operations.

Table of contents

  • 1. Introduction
  • 2. The contradiction with the notion of risk in Art. 35 GDPR
  • 3. The hypothesis put forth: compliance risk
  • 3.1. Compliance risk: what is it and why it is not so bad?
  • 3.2. Why compliance risk? The debate between risk-based and rights based approaches and the conundrum of risk in the GDPR
  • 3.3. How to articulate a compliance risk with the assessment of the risk to the rights and freedoms of the data subjects?
  • 4. Conclusion: what protection to be expected from the risk-based approach?
  • 5. Bibliography
