Here’s a funny thing – recital 84 of the EU’s GDPR legislation states “…where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the controller should be responsible for the carrying-out of a data protection impact assessment…”. Paragraph 1 of Article 35 says pretty much the […]