Page 200 - JOURNAL OF LIBRARY SCIENCE IN CHINA 2018 Vol. 44
P. 200

199
                            Extended English abstracts of articles published in the Chinese edition of Journal of Library Science in China 2018 Vol.44  199


               explanation framework of citing behavior. Cited references analysis is also proved to be a proper
               method for studies on citing behavior and can be a bridge between information behavior and
               informetric. The practical implication is that academic communities are supposed to encourage the
               use of information with high quality. Universities, research institutions and public libraries should
               provide sources that scientists prefer and promote informal information channels. Education of
               academic literacy and information literacy is also very significant.



               EU data protection impact assessment and its implications

                          〇a*
               XIAO Dongmei〇 & TAN Lige
               The research on the European Union’s Data Protection Impact Assessment (DPIA) is to detect how
               EU addresses data security risks in the era of big data through a sophisticated assessment system.
               DPIA, originated from Privacy Impact Assessment (PIA), is contained in the PIA. The main
               differences of them lie in the scope, nature and time of generation.
                 The implementing subject of DPIA is the data controller. The data controller, as the decision
               maker and implementer, plays the core role in the whole process of DPIA. Its main tasks are to
               identify the need to implement DPIA, organize the DPIA group, consult the Data Protection Officer
               (DPO) under stipulated circumstances, seek the views of data subjects or their representatives on
               the measures after implementing a DPIA, and consult data supervisory authority beforehand when
               the risk is high.
                 The regulated object of DPIA is the data processing which will result in a high risk to the
               rights and freedoms of natural persons. Adopting a new technology is often risky; as a result,
               GDPR sets this as the general statutory situation of high risks. In addition, GDPR lists three
               special situations of high risks, i.e., automatic, systematic processing and evaluation of personal
               information, large-scale processing of sensitive data and large-scale monitoring of publicly
               accessible area.
                 A DPIA involves five stages: examination, consultation, assessment, report, safeguard and
               review. The examination is to conduct a preliminary analysis of the data processing behavior
               involved to identify the need to perform a DPIA. The consultation is interspersed in the various
               periods of review, assessment, report and safeguard. Based on the basic information obtained
               during the examination, the assessment determines the protection objectives, identifies the potential
               attackers, the motives of the attackers, and the types of attack outcomes through the simulation
               exercise of the project or plan, and then the assessment criteria will be identified.
                 The risk level of the project or plan will be determined according to the criteria, and the results
               of the assessment must be audited by a neutral and objective organization. After the assessment, the


               * Correspondence should be addressed to XIAO Dongmei, Email: 86650210@qq.com, ORCID: 0000-0001-7611-2058
   195   196   197   198   199   200   201   202   203   204   205