Recital 84
Recital 84
(84) 就處理活動可能造成當事人之權利或自由有高度風險之情形, 為了促進對本規則之遵守,控管者應負責執行資料保護影響評估,以 衡量(特別是)風險的來源、本質、特殊性與嚴重性。為證明個人資 料之處理符合本規則,在決定適當措施時,評估結果應納入考量。當 資料保護影響評估指出處理活動涉及高度風險而控管者無法以現有 技術及執行成本提供適當措施降低風險時,應於處理前徵詢監管機 關。
(84) In order to enhance compliance with this Regulation where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the controller should be responsible for the carrying-out of a data protection impact assessment to evaluate, in particular, the origin, nature, particularity and severity of that risk.
The outcome of the assessment should be taken into account when determining the appropriate measures to be taken in order to demonstrate that the processing of personal data complies with this Regulation.
Where a data-protection impact assessment indicates that processing operations involve a high risk which the controller cannot mitigate by appropriate measures in terms of available technology and costs of implementation, a consultation of the supervisory authority should take place prior to the processing.
Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30
The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.