Art. 55 - (vetoed)Art. 56 - (vetoed)Art. 57 - (vetoed)Art. 58 - (vetoed)Art. 59 - (vetoed)
XVII –impact report on protection of personal data: documentation from the controller that contains the description of the proceedings of processing of the personal data that could generate risks to civil liberties and fundamental rights, as well as measures, safeguards and mechanisms to mitigate the risk;
The national authority may determine that the controller must prepare an impact report on protection of personal data, including sensitive data, referring to its data processing operations, pursuant to regulations, subject to commercial and industrial secrecy. Sole paragraph. Subject to the provisions of the lead sentence of this article, the report must contain at least a description of the types of data collected, the methodology used for collection and for ensuring the security of the information, and the analysis of the controller regarding the adopted measures, safeguards and mechanisms of risk mitigation.
II – the result and the risks that one can reasonably expect of it;
The controller must communicate to the national authority and to the data subject the occurrence of a security incident that may create risk or relevant damage to the data subjects.
IV – the risks related to the incident;
Controllers and processors, within the scope of their competences, concerning processing of personal data, individually or in associations, may formulate rules for good practice and governance that set forth conditions of organisation, a regime of operation, procedures, including for complaints and petitions from data subjects, security norms, technical standards, specific obligations for the various parties involved in the processing, educational activities, internal mechanisms of supervision and risk mitigation and other aspects related to the processing of personal data.
§1 When establishing rules of good practice, the controller and the processor shall take into consideration, regarding the processing and the data, the nature, scope, purpose and probability and seriousness of the risks and the benefits that will result from the processing of data subject’s data.
d) establish adequate policies and safeguards based on a process of systematic evaluation of the impacts on and risks to privacy;