E. Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) Flashcards
(4 cards)
Privacy assessments measure an organization’s compliance with laws, regulations, adopted standards and internal policies and procedures. Their scope includes:
1) education and awareness;
2) monitoring and responding to the regulatory environment;
3) data, systems and process assessments;
4) risk assessments;
5) incident response;
6) contracts;
7) remediation;
8) program assurance, including audits.
Privacy assessments are conducted either internally by
1) the audit function or
2) the DPO or a business function, or
3) externally by a third party.
Privacy assessments can
1) occur at a predefined time interval,
2) be conducted in response to a security or privacy event, or
3) be conducted at the request of an enforcement authority.
The privacy assessment standards used can
1) be subjective, such as employee interviews, or
2) be objective, such as information system logs.