CHAPTER 10: REQUIREMENTS FOR DATA PROTECTION IMPACT ASSESSMENTS

The DPIA is one of the specific processes mandated by the GDPR. Many organisations will be required to conduct DPIAs and, in many instances, an organisation may find it a valuable process even when a DPIA is not required by the Regulation.

DPIAs are used to identify specific risks to personal data as a result of processing activities and the significance of their role in a PIMS could be compared to that of the information security risk assessments required by ISO/IEC 27001 and described in ISO/IEC 27005 (see chapter 11). DPIAs naturally have a greater focus on data protection and privacy, of course, so a more focused model is valuable. The Regulation describes the purpose of DPIAs: ...

Get EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.