Risk management

Yes. In accordance with the principle of transparency and the applicable regulations on the protection of personal data, the information included in the privacy policy must be provided in all languages used on the website.

From the moment a product, service or application is designed that involves the processing of personal data, the data controller must adopt the organisational and technical measures to integrate into the processing, product or service guarantees that allow compliance with the principles of the GDPR.

These measures may consist of minimizing the processing of personal data. Pseudonymising personal data as soon as possible and providing transparency to the functions and processing of personal data allows interested parties to supervise the processing and the controller to create and improve security elements.

If you want to know more details on this topic, you can consult the guidelines 4/2019 of the European Data Protection Board on Article 25 of the GDPR, data protection by design and data protection by default.

Yes, Article 32 on the safety of treatment takes a risk-based approach. It establishes, for example, that technical and organizational measures must be implemented to guarantee a level of security appropriate to the risk; in particular, the risk associated with the loss, destruction, access, alteration and unauthorized disclosure of data.

In a way, risk analysis is the minimum required basis when an impact assessment is not mandatory.