- Carry out impact studies in full compliance with the GDPR
- Centralise your entire PIA process by linking each impact analysis to its data processing activity
- Benefit from our global, graphic view of both your PIAs and the general impact of your actions on personal data protection
- Conduct your PIAs simply and collaboratively using a set of interactive forms and an integrated workflow
- You’ve already done your PIAs. You want to share them? Import or export them in a few clicks.
Introduced by the GDPR, the Privacy Impact Assessment is a tool for analysing security risks to personal data that could compromise the freedoms and rights of data subjects.
This essential tool ensures that a processing activity cannot infringe on the rights and freedoms of individuals, or on their privacy. It does this by analysing risks based on the nature of the data and its processing purposes. It helps identify the appropriate measures to be taken to maximize security.
The PIA must be conducted before carrying out a processing activity.
Under the supervision of the Data Protection Officer (DPO), the data controller provides the legal justification for the processing activity, and identifies and presents the potential adverse consequences for data subjects. Measures to mitigate these consequences must then be designed and implemented. A determination is then made as to whether the processing activity is feasible, or whether the measures identified are insufficient to justify it.
This step is even more important for high-risk processing, especially when multiple actors are involved (external subcontractors, service providers outside the EU, etc.), in case of data transfers, or for sensitive data.
Even if no PIA is required from a GDPR standpoint, it remains a best practice.