The guiding principles of the EU General Data Protection Regulation encourage organizations to approach compliance through continuous risk assessment. The most appropriate response to the profound changes required by the GDPR is the implementation of a privacy management model, or privacy management system (PMS), adopted to guarantee that the company complies with voluntary certification schemes or with mandatory regulations. One of the "engines" of the PMS is the data protection impact assessment (DPIA) process. In this article for The Privacy Advisor, Massimo Montanile discusses how to approach such an undertaking.

Editor's Note: For guidance on DPIAs and more under the GDPR, check out the IAPP Resource Center's GDPR page, open to non-IAPP members for a limited time.