EU DP Regulations likely to take a more risk-based approach


The EU draft DP Regulations should take a more risk-based approach, the EU Data Protection Authorities (DPAs) say. The EU Art. 29 DP Working Party considers that some of the provisions in the proposed Regulation may pose a burden on some controllers; all obligations should therefore be scalable. However, data subjects should have the same level of protection, regardless of the size of the organisation or the amount of data it processes, the DPAs say.

The Data Protection Commissioners' views are reflected in the most
recent EU Council's Presidency note of 22 February, which says that
where the risk to personal data is higher, more detailed obligations
would be justified. For example, many of the articles relating to
controller and processor obligations, data security and privacy impact
assessments are now being redrafted to be more risk-based.

See EU Art 29 DP Working Party's statement about the current discussions on the EU DP framework at

Read more about this topic in the Privacy Laws & Business International
Report. For more information and to subscribe, go to


If you would like to comment on this article, please login or register.


Tag cloud