Know when to conduct a data protection impact assessment, and have a process in place to carry it out
A data protection impact assessment (aka privacy impact assessment) is a way to help you understand how your product or service could jeopardize your customers' data, as well as how to minimize those risks. The UK Information Commissioner's Office (ICO) has a data protection impact assessment checklist on its website. The GDPR requires organizations to carry out this kind of analysis whenever they plan to use people's data in such a way that it's "likely to result in a high risk to [their] rights and freedoms." The ICO recommends just doing it anytime you're about to process personal data.
| Property | Value |
|---|---|
| Section | Data security |
| Owner | operator |
Mapped Controls
| Control | Title |
|---|---|
| SID-ARCH-02 | Operator-Scope Compliance Obligations |
Source: GDPR Checklist for Data Controllers