Data Protection Impact Assessments (DPIAs) are a key part of privacy best practice. They also pose a unique challenge.
At the most basic level, a DPIA is a risk assessment that is carried out for any activity that involves processing user data.
Going to launch a new marketing campaign that involves sharing first-party data with a partner? Going to migrate your email database to a new platform? Going to start a Consumer Loyalty Program? All of these activities should include a DPIA.
In Europe, DPIAs are legally required in certain cases.
Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. – GDPR Article 35
DPIAs involve a variety of business departments working together in a way that is often unfamiliar. For data-reliant businesses, the volume of DPIAs that GDPR calls for and the unusual depth of coordination needed make them very hard to do well. We wrote about it here.
Given this difficulty, and given that DPIAs are not “consumer-facing” in the same way as Data Subject Requests, many businesses have opted to take a “managed-risk” approach. They may conduct DPIAs only for the largest or riskiest operations and skip them for day-to-day activities that they deem lower risk. However, in the event that there are complaints about privacy practices, a lack of DPIA documentation will land them in hot water with regulators.