| The personal data protection impact assessment originated from the privacy impact assessment for balancing the conflict between the rational use and effective protection of personal data.It generated for the need of systems and mechanisms for data chaos governance,data life cycle security and multi-party synergy for the good governance.It has undergone changes from a self-regulatory mode to a mandatory mode to a recommended mode with being risk-driven and its evolution proceeded as a trend from slack to narrow in general.Different countries and regions have different establishment and application of the system;however,the overall personal data protection impact assessment is highly consistent in content and process on the purpose of risk prevention and control.The subjects of the personal data protection impact assessment are multiplex,includes the participating subject,the protected subject,the decision maker,the executive subject and the consulting subject;the object is the regulatory object,which refers to the data processing activities that may pose high risks to personal data protection.The assessment criteria applied in the personal data protection impact assessment is the criteria of “severity” + “probability”.The basic principles pursuant include “data minimization”,“purpose limitation”,“consent”,“retention limitation” and so on.Main processes include threshold assessment,identification,consultation,assessment and follow-up.Applicable personal data protection impact assessment facilitates to promote the risk management of “risk-based” methodology and the risk prevention based on “scenario”.The main problems in current practice are the unbalanced proportionality between cost and benefit,the difficulty to establish standardization process and the undesirable publication and availability of reports.The corresponding personal data protection impact assessment in China includes the assessment of cross-border data flow and the personal information security impact assessment system,and the assessment of cross-border data flow can be contained by the other.From the current situation of legislation,China's personal information security impact assessment can't realize the goals of data chaos governance,data life cycle security and multi-party synergy for the good governance.In order to promote the improvement of the system,it is inevitable to improve its legislative hierarchy,and it is possible to establish a common register,empower supervisory authorities and to set up independent data protection officers.And it's expected that an effective and internationalized personal data protection impact assessment will be established with the combination of the relevant standards for cross-border data flow. |
PDF Full Text Request