Difference between revisions of "DPIA and PIA Guidelines"

From IPEN Wiki
Jump to navigation Jump to search
m (PeterKraus moved page D PIA GL to DPIA and PIA Guidelines: better name/title)
 
(2 intermediate revisions by the same user not shown)
Line 11: Line 11:
[https://ec.europa.eu/energy/sites/ener/files/documents/2014_dpia_smart_grids_forces.pdf EC Smart grids DPIA]
[https://ec.europa.eu/energy/sites/ener/files/documents/2014_dpia_smart_grids_forces.pdf EC Smart grids DPIA]


== CNIL PIA Guide ==
== CNIL PIA Support ==


<span style="color: rgb(44, 44, 40); font-family: Arial, Helvetica, sans-serif; font-size: 12.996000289917px; line-height: normal; text-align: justify">The CNIL is the French Data Protection Authority (DPA).</span>
<span style="color: rgb(44, 44, 40); font-family: Arial, Helvetica, sans-serif; font-size: 12.996000289917px; line-height: normal; text-align: justify">CNIL is the French Data Protection Authority (DPA).</span>


<span style="color: rgb(44, 44, 40); font-family: Arial, Helvetica, sans-serif; font-size: 12.996000289917px; line-height: normal; text-align: justify">In June 2012, the CNIL published a guide on privacy risk management, applicable to complex processings or high risks scenarios. It helped data controllers to get an objective understanding of the risks arising from their processings, in order to select the necessary and sufficient security controls.</span>
<span style="color: rgb(44, 44, 40); font-family: Arial, Helvetica, sans-serif; font-size: 12.996000289917px; line-height: normal; text-align: justify">In June 2012, CNIL published a guide on privacy risk management, applicable to complex processings or high risks scenarios. It helped data controllers to get an objective understanding of the risks arising from their processings, in order to select the necessary and sufficient security controls.</span>


This guide was updated in July 2015 to remain in line with the European Data Protection Regulation project and the WP29’s work on the risk based approach. It also considers feedbacks and improvements proposed by different interested parties on<span style="color: rgb(44, 44, 40); font-family: Arial, Helvetica, sans-serif; font-size: 12.996000289917px; line-height: normal; text-align: justify">&nbsp;privacy impact assessments guidelines. Three documents are available</span>:
This guide was updated in July 2015 to remain in line with the European Data Protection Regulation project and the WP29’s work on the risk based approach. It also considers feedbacks and improvements proposed by different interested parties on<span style="color: rgb(44, 44, 40); font-family: Arial, Helvetica, sans-serif; font-size: 12.996000289917px; line-height: normal; text-align: justify">&nbsp;privacy impact assessments guidelines. Three documents are available</span>:


[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-1-Methodology.pdf Manual 1: PIA Methodology (how to carry out a PIA)]  
[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-1-Methodology.pdf Manual 1: PIA Methodology (how to carry out a PIA)]


[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-2-Tools.pdf Manual 2: Tools (templates and knowledge bases)]  
[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-2-Tools.pdf Manual 2: Tools (templates and knowledge bases)]


[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-3-GoodPractices.pdf Manual 3: Good Practices]
[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-3-GoodPractices.pdf Manual 3: Good Practices]
In December 2017, CNIL made available an [https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment open source software for PIA]


== ULD PIA Guide ==
== ULD PIA Guide ==


The "Unabhängige Landeszentrum für Datenschutz" prestened a guide to DPIA's according to the GDPR at the annual privacy forum. So far it has not been published online to my knowledge but is part of the APF booklet.
The "Unabhängige Landeszentrum für Datenschutz" presented a guide to DPIA's according to the GDPR at the annual privacy forum. So far it has not been published online to my knowledge but is part of the APF booklet.

Latest revision as of 14:50, 25 October 2018

There are various projects to create Guidelines for Data Protection Impact Assessments and Privacy Impact Assessments.

EC DPIA Template for Smart Grid and Smart Metering Systems

The Smart Grids Task Force was set up by the European Commission in 2009 to advise on issues related to smart grid deployment and development. One of the working group (WG2) is on security and privacy.

The EC has provided a Data Protection Impact Assessment Template for smart grid and smart metering systems.

The EC has decided to have a two-year trial of the template starting from March 2015.

EC Smart grids DPIA

CNIL PIA Support

CNIL is the French Data Protection Authority (DPA).

In June 2012, CNIL published a guide on privacy risk management, applicable to complex processings or high risks scenarios. It helped data controllers to get an objective understanding of the risks arising from their processings, in order to select the necessary and sufficient security controls.

This guide was updated in July 2015 to remain in line with the European Data Protection Regulation project and the WP29’s work on the risk based approach. It also considers feedbacks and improvements proposed by different interested parties on privacy impact assessments guidelines. Three documents are available:

Manual 1: PIA Methodology (how to carry out a PIA)

Manual 2: Tools (templates and knowledge bases)

Manual 3: Good Practices

In December 2017, CNIL made available an open source software for PIA

ULD PIA Guide

The "Unabhängige Landeszentrum für Datenschutz" presented a guide to DPIA's according to the GDPR at the annual privacy forum. So far it has not been published online to my knowledge but is part of the APF booklet.