Data Privacy Impact Assessments

The GDPR will introduce a specific instrument that will serve as a report card for how organizations are holding up their end of the data privacy bargain: the Data Privacy Impact Assessment (DPIA). DPIAs go beyond the current model of Privacy Impact Assessment that is supposed to result in an evaluation of how personally identifiable information is collected, used, shared and maintained.
Data Privacy Impact Assessments as defined by the EU General Data Protection Directive (GDPR) will require a wholesale rethink of how data flows and mapping are performed to support data privacy protection. Instead of survey-based estimates, DPIAs will need to be based on real insights into data context and flows.
This will require new software approaches to automate data mapping that are based on real systems data.

Getting to Data Driven

The EU GDPR is the first privacy regulation that mandates that covered organizations complete a risk assessment before they even launch a new service or application. Being able to assess and calculate privacy risk across critical business processes depends heavily on knowing all of the data subject’s data and the stages of its life-cycle, from collection through processing and on to disposition. Legacy methods of tracking data that rely on interviews and manual analysis are inefficient and time-consuming, complicating – not facilitating – the identification of high-risk processes and the data flows inside them. BigID provides a better way.
