Data protection impact assessment pursuant to Art. 35 GDPR
A data protection impact assessment is always required by law if the processing of personal data is likely to pose a high risk to the rights and freedoms of natural persons.
If a data protection impact assessment is required in your company, the appointment of a data protection officer is required by law in accordance with Section 38(1) of the Federal Data Protection Act (BDSG).
My recommendations to you:
- Check your processing of personal data for potential risks!
- Seek expert advice!
As a data protection officer, I can provide you with comprehensive advice.
If a data protection impact assessment is required, I am available to be appointed as your external data protection officer.
In accordance with Article 35(7) of the GDPR, the data protection impact assessment contains:
- a systematic description of the planned processing operations and the purposes of the processing, including, where applicable, the legitimate interests pursued by the controller;
- an assessment of the necessity and proportionality of the processing operations in relation to the purpose;
- an assessment of the risks to the rights and freedoms of data subjects referred to in paragraph 1; and
- the measures envisaged to address the risks, including safeguards, security measures and procedures to ensure the protection of personal data and to demonstrate compliance with this Regulation, taking into account the rights and legitimate interests of data subjects and other persons concerned.
My certifications
in the data protection environment
- Data protection officer according to GDPR and BDSG-neu
[Bitkom Academy] - Qualified IT risk manager according to ISO 31000 / ONR 49003
[DGI German Society for Information Security AG] - AI compliance officer [Bitkom Academy]
- Certified ScrumMaster® [Scrum Alliance]
- PRINCE2® Practitioner [QRP Management Methods International GmbH]
