Under the European Data Protection Board (formerly Article 29 Working Party), which Processing operation would require a Data Protection Impact Assessment (DPIA)?
Under the European Data Protection Board (formerly Article 29 Working Party), which Processing operation would require a Data Protection Impact Assessment (DPIA)?
A Data Protection Impact Assessment (DPIA) is required when processing operations are likely to result in a high risk to the rights and freedoms of individuals. This is particularly true for processing activities involving sensitive data such as health information. Therefore, a hospital processing patients’ genetic and health data in its hospital information system would definitely be an operation that requires a DPIA. Handling sensitive health information has a high potential impact on individual privacy and thus necessitates thorough impact assessment under the European Data Protection Board guidelines.
The correct answer is C. A hospital processing patient’s generic and health data in its hospital information system.
I would vote D. C is also a possibility but the answer is too to be definite.
Actually I change my mind to C