Duncan Greaves explains Privacy Impact Assessments as part of the GDPR:
The processes and practices implemented by organisations should reflect the methodology of using a Privacy by Design approach to business systems. Undertaking a PIA/DPIA is not a mandatory part of the GDPR, but in doing so, organisations can show that they are compliant with the Act.
Conducting a PIA is designed to accomplish three main goals:
- Ensuring conformance with applicable legal, regulatory, and policy requirements for privacy.
- Determining the risks and effects.
- Evaluating protections and alternative processes to mitigate potential privacy risks.
Worth reading if you’re based in Europe or do business with European customers.