When we talk about a Data Protection Impact Assessment (DPIA), we refer to the preventive analysis that must be carried out before the data is processed, whenever it may involve risks or seriously affect people.
This is an indispensable task, since it allows us to anticipate and prevent possible risks to which personal data is exposed. Our DPIA software helps identify possible threats, making it easier to spot the cases in which there is a greater likelihood of risk, so that preventive measures can be adopted to reduce it.
Article 35 of GDPR indicates that the Data Protection Impact Assessment is mandatory in cases where there is “a high risk to the rights and freedoms of natural persons”.
A Privacy Impact Assessment is not only mandatory according to GDPR; as a preventative measure, it can also stop issues before they actually cause a problem.
This preventative analysis was necessary for Yokeru, as Article 35 of GDPR states that it is mandatory where there is “a high risk to the rights and freedoms of natural persons”.
Conducting a DPIA for your business can help you to improve the data protection measures you will take in all of your data processing activities. It also helps you to prevent risks.
GDPR indicates that a Data Protection Impact Assessment (DPIA) is mandatory in cases where there is a high risk to the rights and freedoms of individuals. This task should be carried out prior to the processing of the data. Preventive measures have to be taken from the beginning.
A methodology that includes different steps has to be followed. GDPR indicates that first, a systematic description of the processing activity to be performed must be made. Also, “the necessity and proportionality of the processing with respect to its purpose” must be assessed. A risk assessment has to be carried out, and the measures to be taken on the basis of those identified risks have to be established.
The data privacy impact assessment (DPIA) must be carried out by the data controller. If a Data Protection Officer (DPO) has been appointed, it should be done by the DPO.