In order to comply with the principle of accountability, introduced by the GDPR, it is essential to identify and manage the risk related to processing, in order to assess implementation of adequate internal policies and adoption of measures that meet, in particular, the principles of data protection by design and data protection by default. In the presence of an emergency situation, the impact assessment previously carried out in accordance with art. 35 of the GDPR should be updated, taking into account and/or reassessing the previously mapped risks and any new risks related to the event that occurred.
Read here the full version of the article.
Source: Risk Management 360