Under the GDPR each supervisory authority has to prepare and submit to the European Data Protection Board (EDPB) a list of processing operations that require organisations to conduct Data Privacy Impact Assessments (DPIA).
If you're in any doubt about whether the processing of personal data you do is within the parameters of the General Data Protection Regulation (GDPR) then you should carry out a DPIA because the penalty for not doing so – when it’s appropriate to – is a €10-million fine, or 2% of annual global turnover, whichever is greater.
A Data Protection Impact Assessment is a process for building and demonstrating compliance with the GDPR.
It’s a process that an organisation can use to systematically describe its data processing purpose and operation, assess whether its processing is likely to result in risk for the data subjects concerned, and determine measures for addressing these risks.
There has been an explosion of global data protection regulations.
We’ve expanded our compliance framework to enable multiple regulations.
We’ve outgrown GDPR alone, so we’re changing our name to PrivIQ to reflect that and to focus on providing “Intelligent Compliance, Simply.”