Sunday, 24 September 2017

What a Data Protection Impact Assessment is and isn’t

GDPR: What a Data Protection Impact Assessment is and isn’t
On the site "information-management.com", at http://tinyurl.com/y92phogz, Rebecca Herold published an article on 21 September 2017 in which she refutes three misconceptions about what does and does not constitute meeting the GDPR requirements.
Quoting from the article: "One case in point is performing a GDPR compliant data protection impact assessment (DPIA). I’ve heard and read a variety of statements made about DPIAs over the past several months, and I want to correct and clarify a few of the ones that I’ve heard that have been especially of concern."
The three misconceptions:
1. “I’ve already done a privacy impact assessment (PIA), so I’ve got the GDPR DPIA requirement already taken care of!”
2. “Our lawyers told us it was a legal activity, and that IT, privacy and information security folks don’t need to bother with worrying about doing a DPIA.”
3. “I got a free 10-question GDPR readiness checklist from the Internet, so I’ll use that for my DPIA.”
Quoting from the article's conclusion:
"To the specific point of performing a DPIA, I recommend that organizations use a framework that not only addresses and meets the GDPR requirements, but can also meet other requirements for performing other types of privacy impact assessments. I’ve created a PIA framework, based upon the ISACA Privacy Principles, which consolidates similar privacy principle requirements and topics into the 14 ISACA Privacy Principles, and maps all the DPIA requirements within them, in addition to those DPIA questions also mapping to other standards, frameworks and regulatory data protection requirements."