Tool-Assisted Risk Analysis for Data Protection Impact Assessment

2020 ◽  
pp. 308-324 ◽  
Author(s):  
Salimeh Dashti ◽  
Silvio Ranise
Keyword(s):  
Risk Analysis ◽  
Impact Assessment ◽  
Data Protection

scholarly journals Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

2021 ◽  
Vol 13 (3) ◽  
pp. 66
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Gap Analysis ◽  
Health Care Organization ◽  
Personal Data ◽  
Care Organization ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Level

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.

The Bigger Picture: Approaches to Inter-organizational Data Protection Impact Assessment

2020 ◽  
pp. 283-293
Author(s):  
Dimitri Van Landuyt ◽  
Laurens Sion ◽  
Pierre Dewitte ◽  
Wouter Joosen
Keyword(s):  
Impact Assessment ◽  
Data Protection

Paving the Way to an Improved, Modern Management of Risk: The new European Commission's Better Regulation Strategy

2015 ◽  
Vol 6 (4) ◽  
pp. 649-651 ◽  
Author(s):  
Richard Meads ◽  
Lorenzo Allio
Keyword(s):  
Risk Analysis ◽  
Impact Assessment ◽  
Political Science ◽  
Strategic Thinking ◽  
Modern Management ◽  
Better Regulation ◽  
Regulatory Impact ◽  
Recent Developments ◽  
The Eu ◽  
Management Of Risk

This section regularly examines Regulatory Impact Assessment (IA) at three levels: the EU, theMember States and internationally. Contributions aim to cover aspects such as the interface between IA and risk analysis, looking atmethodologies as well as legal and political science-related issues. Contributions are meant to report and critically assess recent developments in the field, develop strategic thinking, and make constructive recommendations for improving performance in IA processes.

scholarly journals Data Protection Impact Assessment for the Corona App

2020 ◽  
Author(s):  
Kirsten Bock ◽  
Christian Ricardo Kühne ◽  
Rainer Mühlhoff ◽  
Měto R. Ost ◽  
Jörg Pohle ◽  
...  
Keyword(s):  
Impact Assessment ◽  
Data Protection

Article 30 Records of processing activities

2020 ◽  
Author(s):  
Waltraut Kotschy
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Data Flows ◽  
Right Of Access ◽  
Data Subject ◽  
General Conditions

Article 13 (Information to be provided where personal data are collected from the data subject); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 15 (Right of access by the data subject); Article 24 (Responsibility of the controller); Article 32 (Security of processing); Article 35 (Data protection impact assessment); Article 37 (Designation of a data protection officer); Article 49 (Derogations for specific situations concerning transborder data flows); Article 83 (General conditions for imposing administrative fines)

Article 41 Monitoring of approved codes of conduct

2020 ◽  
Author(s):  
Irene Kamara
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Codes Of Conduct ◽  
General Conditions

Article 24 (Responsibility of the controller) (see too recitals 74–77, 83); Article 35 (Data protection impact assessment) (see too recital 84); Article 40 (Codes of conduct); Article 46 (Transfers subject to appropriate safeguards) (see too recitals 108–109); Article 57 (Tasks); Article 58 (Powers); Article 64 (Opinion of the Board); Article 70 (Tasks of the Board); Article 83 (General conditions for imposing administrative fines) (see too recitals 150–151); Article 93 (Committee procedure).

Sign in / Sign up

Export Citation Format

Share Document