Skip to main content
0
Les règlementaires

GDRP : Can an impact assessment be made after once the processing has begun?

RAKOTOARISON21 avril 2021juin 10th, 20243 min read
analyse d'impact RGPD

Hello everyone, this is Manon DURAND, health lawyer at Pharmaspecific. We are meeting today to talk about the General Data Protection Regulation (the GDPR) which is, I remind you, the reference text in terms of personal data protection and which came into force in the European Union on May 25, 2018.

The question of the day is whether it is possible to implement a data protection impact assessment a posteriori, i.e. once the processing has already begun. The impact assessment is a tool to ensure compliance with the GDPR and is intended for processing operations that could generate high risks for the rights and freedoms of the data subjects, i.e., it balances the security measures implemented by the data controller with the rights and freedoms of the data subjects.

So, in practice, the impact assessment can be done as you wish, but the CNIL provides a software called PIA that allows you to perform your impact assessment in a very clear and simple way. So, you can use this software and it is better for all these reasons to set up the impact assessment before your processing because it will allow you, if you find that some security measures are insufficient or are badly used, to adopt corrections before your processing.

However, the GDPR is not always straightforward so you may have forgotten to implement your impact assessment. If this is the case, there is nothing to stop you from doing it anyway during your processing. This will allow you, if you have corrections to make on certain security measures, to identify and implement them and, otherwise, if you identify a data breach, you can still notify the CNIL to be truly in compliance with the GDPR.

Les personnes qui ont lu cet article ont lu aussi  Comprendre les textes législatifs ou règlementaires en recherche clinique

In conclusion, the impact assessment is preferably set up before the processing, but nothing prevents you from setting it up during your processing if you have not been able to do it before. Please refer to the CNIL website to know in which case you have to set up an impact assessment. And I remind you that this is the responsibility of the data controller with the help of his processor, if necessary.

That’s it for this video, I hope you liked it. If you did, don’t hesitate to subscribe to our channel and to like this video and you will find in the information bar information on our services and in particular the monthly legal watch and the legal advice in clinical research. As for me, I’ll see you soon for a new video.{:}

Si tu as aimé cet article, je te remercie de « liker » ou de partager avec tes collègues et amis Attaché de Recherche Clinique :)
   
   
Next Post

Recommended For You

Procédure opératoire standardisée Les règlementaires

What is standard operating procedures?

RAKOTOARISON
RAKOTOARISON4 juillet 2024
Loi jardé en pratique Les règlementaires

Loi Jardé: en pratique le CPP et l’ANSM

RAKOTOARISON
RAKOTOARISON1 juillet 2024
Conseils consentement éclairé Les règlementaires

10 conseils pour réussir son consentement éclairé

RAKOTOARISON
RAKOTOARISON11 juin 2024

Laisser un commentaire

Pharmaspecific

Une société spécialisée dans la recherche clinique.

Pharmaspecific

Adresse

Parc Descartes

23 rue Nobel 77420 champs sur marne.

- France

Contactez-nous

T: +33(0)9 87 04 64 92

© 2024 Pharmaspecific

Terms & Conditions

Privacy Policy