This contribution examines EU Regulation 2016/679, which defines the accountability of data controllers with regard to the processing of personal data and requires the adoption of technical and organizational measures demonstrating full compliance with European data protection law. A risk-based analysis and an impact-based approach are recommended for all personal data, and especially for data concerning health, in order to safeguard the rights and freedoms of the data subjects.
The article also describes the processes that should be put in place to avoid errors and violations in the handling of personal data, which can result in physical, material or non-material damage to natural persons. The controller, in fact, needs to evaluate the situation carefully and follow a series of compulsory steps to assess any potential weaknesses in the system.
A balancing act between public health concerns and privacy protection is necessary; this can be obtained through a detailed analysis of the norms and their careful implementation.
Keywords: data concerning health, privacy, risk-based analysis, impact-based approach, data protection