Data administrators must conduct periodic evaluation on the impactof the personal data processedCommission for Personal Data Protection (CPDP) has adopted a new Ordinance № 1 for the minimum level of technical and organizational measures and admissible type of data protection, entered into force on 15.02.2013. The new ordinance repeals the existing one №1/2007.The new regulation aims to establish adequate protection of personal data in the registries maintained by the Commission depending on the nature of the data and the number of persons affected by impaired protection.The meaning of the organizational and technical measures introduced by new ordinance is ensuring the basic principles of data processing - confidentiality, integrity and availability of data.
Data administrators must periodically, on every two years, conduct an impact assessment of the personal data processed. Under the ordinance, "the impact assessment is a process determining the level of impact on a particular individual or group of individuals, depending on the nature of the personal data processed and the number of affected individuals for breaches of confidentiality, integrity or availability of data."
Within six months term as of the entry into force of the new Ordinance, the administrator must determine the level of impact of personal data processed.
There are no comments at the moment.