Risk for rights and freedoms
What does the EU GDPR mean with risk for rights and freedoms? Recital 75 of the Regulation explains it:
The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal data processing which could lead to physical, material or non-material damage, in particular:
where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage;
where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data;
where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership,
where the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures;
where personal aspects are evaluated, in particular analysing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, in order to create or use personal profiles; where personal data of vulnerable natural persons, in particular of children, are processed; or
where processing involves a large amount of personal data and affects a large number of data subjects.
Risky data processing
Based on this specific recital we can understand if a specific data processing is risky or not for data subjects. Obviously, each company that processes sensitive data must run dedicated assessments in order to define its operative range regarding processing activities.
Swascan: risk for the rights and freedoms
In order to assure to your business the best tool available, Swascan together with Raoul Chiesa ( Raoul Chiesa interview ) developed a special cybersecurity platform. It is completely in Cloud, Pay per Use and SaaS. You can see for yourself in our brochure: Cybersecurity platform and have an in-depth look at our services. Our four services cover all the governance needs in terms of risk management and periodic assessment. Basically, the right tools to understand your focus areas are Vulnerability Assessment, Network Scan, Code Review and GDPR Assessment. Last but not least, don’t forget GDPR: our platform is 100% GDPR compliant ( GDPR infographic ) and to provide a full documentation here you can find some information about the new figure introduced by this law: DPO .