The U.K. Information Commissioner’s Office has updated its guidance on data protection impact assessments in response to an opinion released by the European Data Protection Board. The guidance includes an overview of a DPIA, a checklist for when a company conducts an assessment, and a rundown of the different situations when a DPIA is needed. The ICO’s guidance also includes documentation from the EDPB and its predecessor, the Article 29 Working Party. The EDPB released its opinion on the ICO’s DPIA guidance in October, where it said the agency is too strict on certain aspects of the assessments.
If you want to comment on this post, you need to login.