Abstract

The main goal of the right to personal data protection turns out to be their security. Various instruments of the legislation can achieve this task. EU law requires the data controllers to put in place measures to implement effectively the principles of protection and necessary safeguards' integration in compliance with the requirements of the GDPR protecting the data subjects. These safeguards should apply both during processing and planning the processed activity including the means of their managing. To this end it is important to consider the state of the art, the costs of implementation, the nature, the scope and the objectives of the personal data processing, and the risks and their burden on the rights and freedoms of the data subjects, as well. Another way to ensure the data security is to carry out the protection impact assessment and to find where the processing could to a risk for the rights and freedoms of individuals. The GDPR does not specify how to make the risk assessment, but rather contains a list of processing operations that are considered to pose a high risk and for which a preliminary impact assessment is particularly necessary.