Data Privacy Impact Assessment
A Data Privacy Impact Assessment is a process carried out to identify the impact on and risks of processing operations to the rights of data subjects and to determine the appropriate mitigation measures.
Personal data processing could lead to physical, material or non-material damage of data subjects, in particular:
- where the processing may give rise to
- identity theft or fraud,
- financial loss,
- damage to the reputation,
- loss of confidentiality of personal data protected by professional secrecy,
- unauthorised reversal of pseudonymisation,
- or any other significant economic or social disadvantage;
- where data subjects might be deprived of their general rights or prevented from exercising control over their personal data.
Likelihood and severity of the risk to the general rights of individuals can vary according to factors, such as:
- where sensitive personal data are processed;
- where aspects relating to Data Subjects are evaluated in order to create or use personal profiles;
- where personal data of persons under 16 years of age are processed;
- or where processing involves a large amount of personal data and affects a large number of data subjects.
Each Controlling Service shall undertake a Data Privacy Impact Assessment, in accordance with the procedure established by the ODP, prior to undertaking any Processing operation that has one or more of the following characteristics:
- includes Sensitive Personal Data;
- poses a high risk to the rights of Data Subjects;
- involves a significant technological change in the processing; or,
- results in large-scale or recurrent processing
The Service Owner shall determine whether a Data Privacy Impact Assessment is required; if in doubt, he or she shall consult the ODP.
A single assessment can be carried out for multiple Processing operations that pose similar risks.
Data Privacy Impact Assessments shall be sent to the ODP, which will maintain a record of the assessments carried out. Where the ODP considers that the proposed Processing operation is not proportionate to its stated purpose, it shall recommend how best to adapt the Processing operation. Where such adaptation is not feasible, the ODP can request that the Processing operation not be undertaken.