Privacy Impact AssessmentAssess the risks associated with your processing operations and guarantee their implementation!
Minimize potential impacts on people affected by the data processing
Privacy impact assessment (PIA)
Our PIA pack offers you the opportunity to carry out privacy impact assessment for the most high-risk data processing operations, through an analysis of the risks and impacts on the data, supplemented by recommendations guaranteeing the technical and legal security of your processing operations.
The concept of risk is based on any form of potentially realisable event that could have a negative impact on the physical, moral, or material aspects of the people concerned by the processing.
The European recommendations specify that there are 9 criteria for identifying the presence of a risk to your personal data processing, and ultimately the need to carry out an impact assessment (if two or more criteria are met, this is an obligation to produce a PIA):
Le recours à un traitement limitant l’exercice d’un droit ou l’accès à un service/contrat
To support you
However, the Data Controller may decide to conduct a PIA even if the processing meets only one criterion. As experts, we often recommend this approach, especially when one of these criteria is related to the execution of processing in strategic areas of the company, such as core business, marketing, human resources, IT, and so forth.
The PIA enables the company to demonstrate its efforts to comply with the Regulation concerning protection of personal data for its most sensitive processing activities.
Publication of the PIA is not mandatory, but this document will be particularly useful in the event of an inspection by the Supervisory Authority.
The exercise is based on the production of documentation combining legal, regulatory and technical analyses of the data processing in question.
Depending on the risks identified, the aim for your company will be to identify ways of remedying the processing and, in the most complex cases, to complete the administrative formalities required by the French Data Protection Authority (CNIL).
During the impact analysis, the Data Controller must assess this risk and consider the threats that could lead to it occurring.
Our Consultant will guide you through the documentary design of this impact analysis and will take the lead in guiding you on the nature of the risks to be identified and the remedial actions to be taken.
Don’t hesitate to contact us if you have any doubts about the need to carry out an impact analysis, so that you can define the risks to your personal data processing.