What's a Data Privacy Impact Assessment

A Data Privacy Impact Assessment must be carried out by a controller when certain conditions are met and in compliance with Article 35 of the GDPR. It provides the assurance that privacy is adequately addressed, that risky processings are acknowledged and that the controller knows how to mitigate those risks for data subjects.

According to Article 28 of the GDPR, as a processor, you must assist controllers in conducting this assessment and provide them all necessary information. This assistance must be included in your contract with controllers.

Compliance

Can I transfer data outside the European Union?

Location where data is stored is a paramount criteria for controllers. If servers hosting data are located in the European Union or in an adequate country, data transfers can be operated without additional safeguards as these countries’ legislations are protective enough of personal data and individuals’ rights.

Definition

What's the legal basis for a processing activity?

To process personal data a valid lawful basis is necessary. There are six available lawful bases for processing:Consent: The data subject has given clear and affirmative consent to the processing of their personal data for a specific purpose.Contract: The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.

Definition

What's a third-party?

A third party is anyone outside the business and the individual concerned who can access the personal data you’re responsible for. There are 2 types of third parties:

What's a Data Privacy Impact Assessment

Can I transfer data outside the European Union?

What's the legal basis for a processing activity?

What's a third-party?

Become GDPR compliant in minutes!

Product

Ressources

Legal