RISK ANALYSIS AND DATA PROTECTION IMPACT ASSESSMENT CONDUCTED IN THE PUBLIC SECTOR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR), introduced a new, proactive model for protecting personal data processed in an organization, built on a risk-based approach. It imposed new obligations on data controllers to analyze the risk of violating the rights and freedoms of the persons whose data they process. Given the scope, scale and categories of personal data they process, public sector entities face a huge challenge in meeting the requirements set by the EU legislator. Additional difficulties often include a very extensive organizational structure, complex processing operations, limited financial resources and IT systems that have not been adapted to these requirements. The article discusses risk analysis and data protection impact assessment for personal data processed in the public sector, with a view to meeting the requirements of the GDPR. The key issue is adopting an appropriate methodology for the risk estimation process, because a properly conducted risk estimation makes it possible to implement security measures adequate to the potential threats.