HomeInsightsEuropean Data Protection Supervisor publishes “quick-guide to necessity and proportionality”

Article by

The EDPS explains that the processing of personal data, be it collection, storage, use or disclosure, constitutes a limitation on the right to the protection of personal data and must comply with EU law. This requires ensuring that it is both necessary and proportional.

The eight steps outlined in the new EDPS quick-guide aim to help organisations assess the compatibility of measures impacting the fundamental rights to privacy and to the protection of personal data with the EU Charter of Fundamental Rights.

The four steps for assessing necessity are:

  1. factual description of the measure;
  2. identify fundamental rights and freedoms limited by data processing;
  • define the objectives of the measure; and
  1. choose the option that is effective and least intrusive.

The four steps for assessing proportionality are:

  1. assess the importance of the objective and whether the measure meets the objective;
  2. assess the scope, extent and intensity of the interference;
  • proceed to the “fair balance” evaluation of the measure; and
  1. if the measure is not proportionate, identify and introduce safeguards.

To access the quick guide in full, click here.