AbstractThe General Data Protection Regulation (GDPR) is the new EU data protection legal framework. It repealed the EU Data Protection Directive in 2018. The aim of the GDPR is double: a privacy legislation which better fits the digital age and which harmonises, or bring into conformity with each other, the data protection laws of the 28 EU member states. The data protection officer (DPO) is one of the main actors under the GDPR whereby the effective and efficient conduction of a data protection impact assessment (DPIA) is part of his responsibilities.
This study aims to determine how DPO’s perceive the process of conducting a DPIA, and how they see the harmonisation goal of the GDPR through this lens of the DPIA. Based on a review of the literature on GDPR, DPIA and harmonisation, semi-structured interviews were conducted.
The conclusions linked the success of harmonised DPIAs to the quality of the (inter)national guidelines and the level of service provided by the DPOs’ data protection authority. It also revealed that the national exceptions imposed by the national data protection authorities and the initiatives of the sectorial federation/umbrella organisations can greatly contribute to the failure or success of harmonised DPIAs.
|Date of Award||9 Dec 2019|
|Supervisor||Laury Bollen (Examiner) & Harry Martin (Co-assessor)|
- General Data Protection Regulation
- Data Protection Impact Assessment
- Data Protection Officer