Is your organization already GDPR-proof? Are you looking for this Data Protection Impact Assessment to comply with Article 35 of the GDPR directive?
A Data Protection Impact Assessment (DPIA) aims to identify and analyze how the privacy of personal data might be affected by certain actions or activities. Carrying out DPIAs helps organizations to identify, assess and mitigate or minimize privacy risks during data processing activities. These assessments are particularly relevant when a new data processing process, system or technology is being introduced in the organization.
Carrying out DPIAs frequently helps an organization comply with the requirements of the GDPR and demonstrate that appropriate measures have been taken to ensure the organization is (willing to become) compliant.
If an organization is found not to be compliant with the GDPR, failure to adequately conduct a DPIA, and the resulting risk of a personal data breach, could lead to fines of up to 2% of an organization’s annual global turnover or €10 million, whichever is greater.
The GDPR mandates that a DPIA be conducted where data processing “is likely to result in a high risk to the rights and freedoms of natural persons”. The GDPR mentions the following three primary conditions:
- A systematic and all-encompassing evaluation of personal data aspects (relating to natural persons), which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
- Processing on a large scale of special categories of data or of personal data relating to criminal convictions and offenses;
- Systematic monitoring of a publicly accessible area on a large scale.
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. This policy directive was adopted in May 2016 because most Europeans say they want the same data protection rights across the EU and regardless of where their data is processed. It aims to make Europe fit for the digital age.
Enforcement date: 25 May 2018, at which time those organizations in non-compliance may face heavy fines.
We're here to help you become compliant. The GDPR comes with a set of rules and regulations for the protection of personal data inside and outside the European Union (EU) and affects all companies that store personal data of European citizens.
An international organization is defined by the GDPR directive as “an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries” (GDPR Article 4).
We provide example GDPR document templates and also a complete set of GDPR templates to help you comply with the EU's GDPR regulations. These GDPR document templates are provided in Microsoft Office formats and are easy to customize to your organization’s specific needs. Completed example documents are often provided as well, to help you with your implementation and save precious time.
Download this Data Protection Impact Assessment now or check out our fit-for-purpose GDPR Complete Compliance Kit templates here! The document(s) will be available to download immediately after purchase.