Stay GDPR compliant with Data Protection Impact Assessments
What are DPIAs (Data Protection Impact Assessments)?
Under Article 35 of the GDPR, Data Protection Impact Assessments (DPIAs) are mandatory for processing activities that are “likely to result in a high risk to the rights and freedoms of data subjects”. DPIAs serve to identify, analyze, and minimize data protection risks.
DPIAs are expected to include:
- A description of the processing activity
- A legal basis for data processing (for example, consent of the data subject)
- An evaluation of the risks of the data processing including likelihood & severity
- Any necessary mitigations to ensure an appropriate residual risk
Here's how to conduct a DPIA:
Head to your processing activities page and select an activity that requires a DPIA.
DPIAs include the following use cases:
- Profiling and other types of evaluations of personally identifiable aspects
- Large-scale processing of personal information and personally identifiable information
- Data collection and processing that takes place in an automated manner
- Surveillance of public areas at a large scale
At the bottom of the activity's page, under "DPIA info", click "Yes".
Mine provides five common risks used in DPIAs:
- External breach
- Internal breach
- Excessive data collection
- Data misclassification
- Contractual breach
You can choose which risks are applicable here. To remove a risk, hover over it and click "Remove" at the bottom right-hand corner of its pane.
You can also add custom risks. To do so, head to the bottom of the DPIA panel and select "Add risk".
For each applicable risk, fill out its "Likelihood" and "Severity".
If you are unsure of what each risk is or how to estimate a risk, click "How to estimate this risk?" for a support panel with additional information and insights.
You can also choose to add mitigation mechanisms or comments. Adding a mitigation mechanism will automatically decrease any residual risk.
If you'd like to export your completed DPIA, click "Generate DPIA" at the bottom of the DPIA panel.
Click here to learn more about the importance of privacy risk assessments.
If you have questions about the DPIA process, talk to us at firstname.lastname@example.org, and we'll be happy to help!🙂