Does the GDPR Require PIAs? Answer: Only Sometimes
Many privacy officers are under the impression that the GDPR requires organisations to conduct PIAs and that doing so will largely meet their GDPR compliance obligations. This is not the case. The GDPR is an accountability-based regulation and requires organisations to demonstrate compliance with all aspects of the GDPR: over 39 Articles require a technical or organisational measure to demonstrate compliance and Article 35 on data protection impact assessments is only one of them. Furthermore, DPIAs are required in only limited circumstances: when the processing is likely to result in a high risk to the rights and freedoms of natural persons.
In this webinar, learn about Nymity’s latest compliance innovation: an expert system that, when subject to GDPR, enables organisations to leverage their existing accountability mechanisms, meet their obligations under Article 30 (Records of processing activities) and, when DPIA-Triggered™, under Article 35 GDPR (Data Protection Impact Assessments). Understand how the burdensome traditional step of lengthy or incomplete questionnaires is avoided and how the solution enables organisations to carry out more data processing activities with the same data, within the boundaries of the law. In addition, you will learn how this solution provides the business a defensible position of evidenced compliance.

In this webinar we will review:

1. The overlap between accountability and traditional PIA frameworks

Registration Link: https://attendee.gotowebinar.com/register/3000191581952780545