AAU logo

Data protection assessment

A Data Protection Impact Assessment

The object of the General Data Protection Regulation and the Danish Data Protection Act (Databeskyttelsesloven) is that we must check and document in our processing of personal data whether we adequately protect the personal data we use in a specific data processing activity.

In some cases, an envisaged data processing activity and handling of personal data may be likely to result in a high risk of damage to the data subjects if the data end up in the wrong hands, are altered or disappear.

In these cases, AAU is obliged to check this potentially high risk and – if the risk proves to be high – to take measures aimed at reducing it.

If AAU cannot significantly reduce the risk, the processing of personal data may only be commenced following approval from the Danish Data Protection Agency.