Impact Assessment
If you are looking for expert data protection consultants to prepare your EIPD Data Protection Impact Assessment in Valencia.
Legal basis on the obligation to perform an EIPD Data Protection Impact Assessment :
-Article35 of the General Data Protection Regulation (EU) 2016/679(GDPR)
-Article28.1 of the Organic Law on Data Protection 3/2018(LOPD-GDD) and guarantees of digital rights.
What is a Data Protection Impact Assessment (DPA)?
It is a preventive and prior tool that must be carried out by the data controller in order to identify, assess and manage the risks to which its processing activities are exposed, with the aim of guaranteeing the rights and freedoms of natural persons.
In addition, a PIA must be carried out when an operation started prior to the application of the Regulation has changed in terms of the risks that the processing entails in relation to the time when the processing was started.
The risk analysis for a given processing operation makes it possible to identify the risks to the data subjects’ data and to establish a response by adopting the necessary safeguards to reduce them to an acceptable level of risk.
The Data Protection Impact Assessment (DPA) is a process that does not end when it has been completed. Data controllers, as stated in the GDPR, should review whether the processing operations continue to comply with the assessment to which they have been subjected and, in any case, do so when there is a change in the risk of the processing.
What should an EIPD include?
If the Data Controller is included in the mandatory assumptions determined in the Instruction of the Spanish Data Protection Agency, it must prepare a Data Protection Impact Assessment (DPA) with the following content:
- Analysis of the need for an EIPD
- Treatment analyzed
- Risk management
- Risk Reduction Measures
- Accountability Measures
- Action Plan.
- Implementation and monitoring of the Action Plan
- Conclusions and Recommendations