The CNIL has upgraded its PIA tool aimed at carrying out data protection impact assessments (DPIA) or sometimes also called privacy impact assessment (PIA). A DPIA is a risk analysis that controllers must conduct before starting processing personal data in
Data Protection Impact Assessment (DPIA)
Under the General Gata Protection Regulation (GDPR), controllers must now now:
Keep a record of their processing activities (see here for more details); and
Carry out a Data Protection Impact Assessment (DPIA) where the data processing is likely to result in a high risk to the rights and freedoms of the data subjects.
A DPIA is a process designed to describe the processing, assess its necessity and proportionality and manage the risks to the individuals’ rights and freedoms resulting from thereof.