DPIA: How to Carry Out One of the Key Principles of Accountability
New projects and initiatives are continuously and increasingly taking place in large organizations. Therefore, privacy teams are legitimately wondering if all these projects need a Data Protection Impact Assessment, and which one need to be supported in priority. And what about other projects? Generally speaking, can these GDPR compliant projects rely on the existing ecosystem? And what to do with processing activities already implemented? Many questions to which we will try to answer in this paper.
KeywordsData protection impact assessment Privacy by design WP29 criteria Processing operation sensitivity
- 1.Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016Google Scholar
- 2.Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is ‘likely to result in a high risk’ for the purposes of Regulation 2016/679 - WP 248 rev. 01Google Scholar
- 3.CNIL Guidelines on DPIA. https://www.cnil.fr/fr/PIA-privacy-impact-assessment
- 4.Documentation on CNIL DPIA tool. https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment