We help you carry out risk surveys and data protection impact assessments. The necessary measures are tailored to the detected risks.
The General Data Protection Regulation (GDPR) is founded on risk-based data protection management. Risk surveys and Data Protection Impact Assessments (DPIA) help evaluate the business risks related to data protection and target investments correctly. The implementation and documentation of risk surveys and impact assessments also serve as a means to indicate that the company complies with the obligations laid down in the regulation.
The aim of the risk survey is to chart the data protection risks posed by certain services, business processes, information systems or information system architectures. The survey is carried out based on the client’s risk management practices using workshops, interviews and questionnaires, and includes:
- recognising threats to personal data and its processing
- determining measures for managing risks
- drawing up an assessment of the risks
Data Protection Impact Assessment (DPIA) includes evaluating:
- the necessity of processing personal data
- risks posed by the processing to the rights of data subjects
- measures for managing risks based on the description of the planned processing activities
- an assessment of the impacts of the processing activities on the protection of personal data
- a list of measures for managing risks.