The Biker et al. method for DPIA is based on six protection goals:
- Confidentiality: ensures protection against unauthorised and unlawful processing
- Integrity: ensures that data remain intact, complete, and up-to-date
- Availability: ensures that the data are available and usable in the intended process
- Unlinkability: ensures that data are processed and analysed only for the purpose for which they were collected
- Intervenability: provides the possibility for the data subjects to exercise their rights
- Transparency: necessary for monitoring and controlling the data processing. Transparency ensures that data subjects and supervisory authorities can identify deficiencies and, if necessary, demand appropriate procedural changes.
Data minimisation is an additional protection goal. Data minimisation supports the principle of necessity, which requires that any processing (collection, processing and use) does not involve more personal data than necessary to achieve the purpose of the processing.
During the risk assessment, the standard practice seems to be to start by describing risks and identifying possible solutions. To guarantee an objective evaluation, it is essential to take a holistic approach that takes all the protection goals into account. "The protection goals are in a state of dual interplay. This leads to tension, as usually the strengthening of one protection goal leads to the detriment of its counterpart. The evaluation, therefore, has to achieve the proper balance between the protection goals." [Biker et al. 2016].
Last modified: 15 May 2019 2.39 p.m.