CHAPTER 10: REQUIREMENTS FOR DATA PROTECTION IMPACT ASSESSMENTS

The DPIA is one of the specific processes mandated by the GDPR. Many organisations will be required to conduct DPIAs and, in many instances, an organisation may find it a valuable process even when a DPIA is not required by the Regulation.

DPIAs are used to identify specific risks to personal data arising from processing activities, and the significance of their role in a PIMS can be compared to that of the information security risk assessments required by ISO/IEC 27001 and described in ISO/IEC 27005 (see chapter 11). DPIAs naturally have a greater focus on data protection and privacy, so a more focused model is valuable. The Regulation describes the purpose of DPIAs: ...

Get EU General Data Protection Regulation (GDPR), third edition - An Implementation and Compliance Guide now with O’Reilly online learning.