Looking for an external Data Protection Officer?DATUREX GmbH Dresden
DATUREXData Protection Laws
DSG NRW — Table of Contents

§ 56 DSG NRW

Data protection impact assessment

(1)Where a form of processing, in particular using new technologies, is likely to result in a high risk to the rights and freedoms of data subjects by virtue of the nature, scope, context and purposes of the processing, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.
(2)A single data protection impact assessment may be carried out to address a set of similar processing operations that present similar high risks.
(3)The controller shall involve the data protection officer in the carrying out of the impact assessment.
(4)The impact assessment shall take due account of the legitimate interests of the data subjects concerned and shall observe at least the requirements set out in Article 35(7) of Regulation (EU) 2016/679.
(5)Where necessary, the controller shall carry out a review to assess whether processing is performed in accordance with the data protection impact assessment; this shall apply at least where there have been changes in the risk associated with the processing operations.
Source:
https://recht.nrw.de/lrgv/gesetz/25052018-datenschutzgesetz-nordrhein-westfalen-dsg-nrw/
Citation:
GV. NRW. 2018 S. 218
As of:
2024-06-11
Retrieved:
2026-02-28