In a certain sense, the new data protection impact assessment (DPIA) is the direct successor to the assessment prior to processing provided for in the German Federal Data Protection Act. A data protection impact assessment is required if the type of processing, in particular when using new technologies, may be expected to entail a high risk to the rights and freedoms of natural persons due to the nature, scope, context, and purposes of processing.
This is always the case if particularly sensitive data (data concerning health, credit card data) or large volumes of data are processed. A DPIA is also required wherever CCTV is used. The DPIA is therefore a useful instrument for the comprehensive analysis and evaluation of the data protection law risks of specific processing activities.
ISiCO handles the full execution and documentation of data protection impact assessments in your company. In addition to conventional DPIAs, we also handle industry-specific DPIAs in the healthcare sector, where special requirements apply.
From A to Z:
- Full execution of DPIAs, incl. detailed documentation
More benefits of using ISiCO:
- Monitoring the execution of individual data protection impact assessments
- Review of existing documentation (pursuant to both the German Federal Data Protection Act and the GDPR)
- Comprehensive advice – from initial contact to completed data protection impact assessment
- Support in selecting technical and organisational measures (TOM)
- Support for internal data protection officer when preparing a DPIA
- Handling of event-driven inspections of the data protection impact assessment
- Routine reviews without cause of the DPIA
You extensively process special categories of personal data or want to undertake a systematic and comprehensive assessment of personal aspects relating to natural persons?
Some sectors are less likely to be compelled to perform a data protection impact assessment than others. The latter group particularly includes the healthcare sector, which processes large volumes of special categories of personal data – data concerning health.
No matter what industry your company operates in: trust in our expertise and benefit from the many years of experience of our consultants, who also boast extensive competence in dealing with complex technical issues.