The European law defines an assessment that must be conducted to analyse the impact of the data protection measures implemented (Regulation (EU) 2016/679). This includes the impact on the societal level, such as customer acceptance or rejection of the data protection measures.
Main Question
Has a data protection advisory service regarding data protection and information security been consulted?
Sub-Questions
- Is the societal impact, as in the case of customer rejection, assessed?
- Is the impact assessed of how data is used as evidence of ADF operation in the event of an accident?
- Is the impact assessed of how data is used by legal authorities and insurance companies?
- Is there a clearly defined process to ask for the deletion of data?
- Is personal data accurate and kept up-to-date?
- Is it authorised for third parties (such as marketing companies) to access the data?
References
- General Data Protection Regulation (EU) 2016/679. Available at: https://gdpr-info.eu/ (Accessed: 09 December 2025)