E. Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) Flashcards
Privacy assessments measure an organization’s compliance with laws, regulations, adopted standards and internal policies and procedures. Their scope includes:
1) education and awareness;
2) monitoring and responding to the regulatory environment;
3) data, systems and process assessments;
4) risk assessments;
5) incident response;
6) contracts;
7) remediation;
8) program assurance, including audits.
Privacy assessments are conducted either internally, by
1) the audit function or
2) the DPO or a business function, or
3) externally, by a third party.
Privacy assessments can
1) happen at a predefined time period,
2) be conducted in response to a security or privacy event, or
3) be conducted at the request of an enforcement authority.
The privacy assessment standards used can
1) be subjective, such as employee interviews, or
2) be objective, such as information system logs.