GDPR Art. 32 Risk Assessment

The General Data Protection Regulation (GDPR), in effect from 25 May 2018, requires all organisations that process any EEA personal data in any way to conduct a risk assessment meeting the requirements of GDPR Article 32, 'Security of processing':

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: the pseudonymisation and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. - GDPR Article 32(1)

Danielyan Consulting offers comprehensive GDPR security risk assessment, testing, evaluation and implementation consultancy services. In addition to our technical expertise, we can draw upon the resources of a specialist London-based law firm to help any organisation with complex legal or compliance challenges.