Data privacy impact assessment (DPIA)
ePrivacy will advise and assist you in preparing for a data privacy impact assessment (DPIA), which companies are required to carry out in the case of new technologies and products pursuant to the EU General Data Protection Regulation.
ePrivacy will also be happy to prepare the documentation for a data privacy impact assessment (DPIA) on your behalf and to consult with your management as to its content.
What is a DPIA?
Data privacy impact assessments (DPIAs) or privacy impact assessments (PIAs) are a new tool for the identification of risks to which consumers are becoming exposed in the wake of the use of new technologies and systems. These risks may compromise individuals' fundamental right to privacy and the protection of their personal data. Upon the coming into force of the EU General Data Protection Regulation in 2018, companies will under certain circumstances be legally required to carry out a DPIA prior to the implementation of a technology or prior to the application of a product.
Personal data is being collected in the context of many online services and applications to an ever-greater extent. The move towards greater digitalization also means that offline processes will increasingly be supplemented or replaced by online solutions in the future, a development which will also increase the risk of personal data being accorded insufficient protection and thus being potentially vulnerable to misuse.
Companies which process and store personal data must comply with the current requirements of data protection legislation, for example the safeguarding of the rights of affected parties.
As a result of the adoption of the EU General Data Protection Regulation, which will have direct effect in all Member States, technology providers and system operators will be required to carry out DPIAs. To this end, it will be necessary to gauge the risks associated with new products, services and applications from a data protection perspective ahead of their launch, with a view to limiting and potentially also reducing those risks. This new procedure will serve to integrate the concept of data protection in the "privacy by design" and "privacy by default" senses in an optimum manner at an early stage in the development of new products and technologies.
Why is it a good idea for you to carry out a DPIA and when must a DPIA be carried out?
- As a product developer, you will be able to better manage your development processes.
- The need for any subsequent amendments in line with data protection regulations can be dispensed with.
- Data breaches and the associated subsequent financial losses and loss of reputation can be avoided.
- Your compliance with the relevant legislation will be assured.
- The European Commission recommends that DPIAs be carried out and the results thereof be submitted to national data protection agencies in the case of some new technologies, such as RFIDs or smart meters. ePrivacy is familiar with the requirements currently imposed by the data protection agencies in such cases.
What does a DPIA involve?
ePrivacy will assist you in carrying out the data privacy impact assessment (DPIA) and in developing your new products and technologies from the outset in compliance with the newly applicable data protection legislation. We will help you and your employees to ensure the secure handling of sensitive customer or user data.
Where necessary, ePrivacy will also carry out the entire data privacy impact assessment (DPIA) on your behalf.
DPIAs are carried out upon the commencement of the product development phase and upon any changes to the framework conditions, and comprise the following steps: