FEATURE3 August 2018

Taking a risk

x Sponsored content on Research Live and in Impact magazine is editorially independent.
Find out more about advertising and sponsorship.

Data analytics Europe Features GDPR Impact Privacy UK

Dr Michelle Goddard explains how assessing the risks involved in processing data is fundamental for organisations working under the new data protection framework.

Taking a risk

The new data protection framework, introduced recently by the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, requires a fundamental shift in the approach to privacy, focusing on assessing risks and prioritising activities with a higher risk profile. 

Researchers will need to become comfortable with a more nuanced approach to compliance, as this new regime introduces a level of uncertainty to what may previously have been more rigid and clear-cut obligations. For instance:

  • Do you need to appoint a data protection officer (DPO)? This depends on the risk level of your organisation’s processing activities
  • Do you need to conduct a Data Protection Impact Assessment (DPIA) for each research project?  This depends on the risk of the proposed processing
  • Do you need to keep full records of any of your processing? It depends on the risk of processing, as well as the size of your organisation
  • Do you need to notify research participants, commissioning clients, or the Information ...