Data controllers must also analyze the context in which the data is presented, as well as the risk of re-identification. Not only that, but technical methods for performing de-identification are not prescribed by law, but rather are often left to the discretion of the data controller
Data controllers (which includes records managers) are not required to file a specific “discovery” notification as long as their data processing activities have been regularly filed with the French authorities
In these circumstances, data controllers and processors will be required to produce a privacy impact report that identifies how such personally identifiable information is collected, managed and safeguarded in compliance with the regulations for the protection of personal data
**Views expressed in this blog are my personal views and not those of my employer. Any reference to any living person or organisation, past or present, is entirely co-incidental** As any blogger is allowed to do, let me play devil’s advocate for a moment. We may think we speak...
1 Comment - My 5 cts would be: the logs are owned by the 'data controller', so the IT archive owner