52—Consideration of data protection impact assessment report.

52.

(1) In conducting a data protection impact assessment, a data controller or a data processor may consult the Office for advice on whether risks identified and mitigation measures suggested are viable in the outlined circumstances.

(2) In reviewing the data protection impact assessment report, the Data Commissioner may make any recommendations to be incorporated prior to commencing the processing operations.

(3) Where a data controller or data processor, upon submitting the data protection impact assessment report to the Data Commissioner, does not receive any communication within sixty days of submission, may commence processing operations and the assessment report shall be taken to have been approved.

(4) A data controller or data processor may publish on its website the data protection impact assessment Report.

103  PART VIII—DATA PROTECTION IMPACT ASSESSMENT