Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
The risk-based approach to privacy: Risk or protection for business?
Journal of Data Protection & Privacy,
1
(4),
339-344
(2018)
Abstract
The so-called ‘risk-based approach’ introduced by the European General Data Protection Regulation (GDPR) is based on the concept that the privacy measures implemented by the data controllers shall be proportional to the level of risks associated with the type of data-processing activities, the evaluation of which should be subject to an objective assessment (the privacy impact assessment; PIA). To guarantee harmonisation among data protection procedures and enforcement across the EU member states, it is crucial for EU data protection supervisory authorities to cooperate in the identification of criteria for the performance of PIAs, possibly taking advantage of the examples in certain EU jurisdictions (such as the UK and France) and the International Standards Organisation (ISO).
Keywords: privacy; data protection; European General Data Protection Regulation; GDPR; risk-based approach; privacy impact assessment; PIA; international standards; ISO; privacy by design; privacy by default
The full article is available to subscribers to the journal.
Author's Biography
Giulio Coraggio is partner of the Italian Intellectual Property and Technology team of DLA Piper Italy, head of the Italian technology sector and global co-chair of the Internet of Things group at DLA Piper. He advises world-leading operators on data protection, information technology and internet law issues, including issues related to the Internet of Things, wearable technologies and e-health and telemedicine projects, as well as on international commercial and technology contracts, e-commerce, e-payment deals, telecommunications, unfair commercial practices and misleading advertising.
Giulia Zappaterra is a member of the Italian intellectual property and technology team at DLA Piper Italy. She focuses on data protection, data breach and cyber security issues and regularly assists clients in the review of their data protection compliance programmes. She also assists both Italian and international companies in extra judicial matters with regard to information technology issues, e-commerce and e-payment, and consumer law as well as in drafting and reviewing commercial agreements and technology contracts, including cloud projects.
