Data protection impact assessment (DPIA)
The GDPR provides numerous instruments for measuring and managing compliance with data protection law, and any company may be obliged to carry out a data protection impact assessment (DPIA).
Data protection impact assessment: minimising risks and effort
In a certain sense, the new data protection impact assessment (DPIA) is the direct successor to the assessment prior to processing provided for in the German Federal Data Protection Act. A data protection impact assessment is required if the type of processing, in particular when using new technologies, may be expected to entail a high risk to the rights and freedoms of natural persons due to the nature, scope, context, and purposes of processing.
This is always the case if particularly sensitive data (data concerning health, credit card data) or large volumes of data are processed. A DPIA is also required wherever CCTV is used. The DPIA is therefore a useful instrument for the comprehensive analysis and evaluation of the data protection law risks of specific processing activities.
ISiCO handles the full execution and documentation of data protection impact assessments in your company. In addition to conventional DPIAs, we also handle industry-specific DPIAs in the healthcare sector, where special requirements apply.
More benefits of using ISiCO:
- Monitoring the execution of individual data protection impact assessments
- Review of existing documentation (pursuant to both the German Federal Data Protection Act and the GDPR)
- Comprehensive advice – from initial contact to completed data protection impact assessment
- Support in selecting technical and organisational measures (TOM)
- Support for the internal data protection officer when preparing a DPIA
- Handling of event-driven inspections of the data protection impact assessment
- Routine reviews of the DPIA without cause
Choose ISiCO now!
Do you extensively process special categories of personal data, or want to undertake a systematic and comprehensive assessment of personal aspects relating to natural persons? Some sectors are more likely than others to be required to perform a data protection impact assessment. These particularly include the healthcare sector, which processes large volumes of special categories of personal data – data concerning health.
No matter what industry your company operates in: trust in our expertise and benefit from the many years of experience of our consultants, who also boast extensive competence in dealing with complex technical issues.
Your solution for the best data protection
The basis of every good business relationship is trust. Strengthen the relationship with your customers with our expertise in data protection. This will give your company a strong competitive advantage and allow you to concentrate fully on your business.
Your ISiCO expert:
Dr. Philipp Siedenburg
Director Data Privacy
News on this topic
26.08.2024
Data protection management system (DPMS): your key to GDPR compliance
To meet the requirements of the General Data Protection Regulation (GDPR), a data protection management system (DPMS) is recommended, because it allows data protection requirements to be regulated, planned, implemented and monitored. This considerably simplifies compliance for companies and their employees. Read here how to set up a GDPR-compliant DPMS, who in the company is responsible for it, and which software can help you.
15.08.2024
Reporting a data protection incident: a guide
When a company discovers that a data protection breach has occurred, the first thing that usually comes to mind for employees and management in all the commotion is the fine. Below we show you how best to proceed and when you actually have to report an incident.
02.07.2024
Record of processing activities (RoPA) explained simply, with guide and checklist
Who has to create a record of processing activities (RoPA)? How is it structured? How often must the RoPA be updated and reviewed? In what form and language must the RoPA be kept? An overview with checklists and tips.