Stay GDPR compliant with Data Protection Impact Assessments in MineOS.
Here's how to conduct a DPIA:
Head to your Processing Activities page and select an activity that requires a DPIA.
DPIA's includes the following use cases:
- Profiling and other types of evaluations of personal identifiable aspects
- Large-scale processing of personal information and personal identifiable information
- Data collection and processing that takes place in an automated manner
- Surveillance of public areas at a large scale
At the bottom of the Activity's page, under "DPIA info", click "Yes".
MineOS provides five common risks used in DPIA's:
- External breach
- Internal breach
- Excessive data collection
- Data misclassification
- Contractual breach
You can choose which risks are applicable here. To remove risks, hover over the risk and click "Remove" at the bottom righthand corner of its pane .
You can also add custom risks. To do so, head to the bottom of the DPIA panel and select "Add risk"
For each applicable risk, fill out its "Likelihood" and "Severity".
If you are unsure of what each risk is or how to estimate a risk, click "How to estimate this risk?" for a support panel with additional information and insights.
You can also choose to add mitigation mechanisms or comments. Adding a mitigation mechanisms, will automatically decrease any residual risk.
If you'd like to export your completed DPIA, click "Generate DPIA" at the bottom of the DPIA panel.
Click here to learn more about the importance of privacy risk assessments.
If you have questions about the DPIA process, talk to us at firstname.lastname@example.org, and we'll be happy to help!🙂