Phil,
NHS Digital look at this matter in their guidance
Kind regards
Heléna Ashton AMBCS |Information Governance Manager – Connecting Care
NHS South, Central and West Commissioning Support Unit
Third Floor – South Plaza, Marlborough Street, Bristol, BS1 3NX,
T: 0117 900 2180 | E: [log in to unmask] | M: 07768 978885
www.protectinginfo.nhs.uk | www.scwcsu.nhs.uk
Working Monday to Thursday
Please be aware that all e-mails received and sent by this organisation are subject to the Freedom of Information Act (2000) and may be disclosed to a third party. If you believe you have been sent this message in error, please inform the sender and delete the message and any attachments as soon as possible. All messages sent by this organisation are checked for viruses but this does not, and cannot, guarantee that a virus has not been transmitted.
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Phil Bradshaw
Sent: 17 September 2018 15:54
To: [log in to unmask]
Subject: [data-protection] High Risk Processing
Does anyone have a view on how "high risk" is interpreted for the purposes of Art 36(1).
Does it require simply that the potential impact be high / major or, as per typical matrix approach?
For example a typical matrix may score:
1 - 3 Low risk
4 - 6 Moderate risk
8 - 12 High risk
15 - 25 Extreme risk
So 8 is high risk and this includes:
Any major impact even if unlikely and I can see the logic of obtaining prior approval for something which may have a major impact.
Only minor impact but likely.
I have looked at ICO and WP29 guidance but find no real assistance. The examples certainly do not suggest they would expect prior consultation in the second case. They just use the phrase "likely to result in a high risk" consistently without seeming to take into account that assessing risk levels already involves assessing likelihood.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
********************************************************************************************************************
This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation.
NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.
For more information and to find out how you can switch, https://portal.nhs.net/help/joiningnhsmail
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|