Difference between revisions of "DPIA and PIA Guidelines"

From IPEN Wiki
(Created page with "There are various projects to create Guidelines for Data Protection Impact Assessments and Privacy Impact Assessments.<span style="color: rgb(44, 44, 40); font-family: Arial,...")
 
Line 1: Line 1:
There are various projects to create Guidelines for Data Protection Impact Assessments and Privacy Impact Assessments.<span style="color: rgb(44, 44, 40);  font-family: Arial, Helvetica, sans-serif;  font-size: 12.996000289917px;  line-height: normal;  text-align: justify"></span>
There are various projects to create Guidelines for Data Protection Impact Assessments and Privacy Impact Assessments.


== CNIL PIA Guide ==
== CNIL PIA Guide ==
Line 7: Line 7:
<span style="color: rgb(44, 44, 40);  font-family: Arial, Helvetica, sans-serif;  font-size: 12.996000289917px;  line-height: normal;  text-align: justify">In June 2012, the CNIL published a guide on privacy risk management, applicable to complex processings or high risks scenarios. It helped data controllers to get an objective understanding of the risks arising from their processings, in order to select the necessary and sufficient security controls.</span>
<span style="color: rgb(44, 44, 40);  font-family: Arial, Helvetica, sans-serif;  font-size: 12.996000289917px;  line-height: normal;  text-align: justify">In June 2012, the CNIL published a guide on privacy risk management, applicable to complex processings or high risks scenarios. It helped data controllers to get an objective understanding of the risks arising from their processings, in order to select the necessary and sufficient security controls.</span>


This guide was updated in July 2015 to remain in line with the European Data Protection Regulation project and the WP29’s work on the risk based approach. It also considers feedbacks and improvements proposed by different interested parties on<span style="color: rgb(44, 44, 40);  font-family: Arial, Helvetica, sans-serif;  font-size: 12.996000289917px;  line-height: normal;  text-align: justify">&nbsp;privacy impact assessments guidelines. Three documents are available</span>. (UPDATE October 2016: 2 of the links are dead right now)
This guide was updated in July 2015 to remain in line with the European Data Protection Regulation project and the WP29’s work on the risk based approach. It also considers feedbacks and improvements proposed by different interested parties on<span style="color: rgb(44, 44, 40);  font-family: Arial, Helvetica, sans-serif;  font-size: 12.996000289917px;  line-height: normal;  text-align: justify">&nbsp;privacy impact assessments guidelines. Three documents are available</span>:


[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-3-GoodPractices.pdf Good Practices]
[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-1-Methodology.pdf Manual 1: PIA Methodology (how to carry out a PIA)]
[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-2-Tools.pdf Manual 2: Tools (templates and knowledge bases)]
[https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-3-GoodPractices.pdf Manual 3: Good Practices]
 
== ULD PIA Guide ==
The "Unabhängige Landeszentrum für Datenschutz" prestened a guide to DPIA's according to the GDPR at the annual privacy forum. So far they have not been published online to my knowledge but are part of the APF booklet.
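Review bot: the added ULD PIA Guide paragraph has two spelling slips, "prestened" for "presented" and "DPIA's" for "DPIAs", and it names the APF booklet without a link or citation, so a reference would help readers locate the guide. The July 2015 sentence in this hunk also still carries the inline span styling that the Line 1 hunk removed from the introduction; it could be stripped here in the same edit.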

Revision as of 10:11, 18 October 2016

There are various projects to create Guidelines for Data Protection Impact Assessments and Privacy Impact Assessments.

CNIL PIA Guide

The CNIL is the French Data Protection Authority (DPA).

In June 2012, the CNIL published a guide on privacy risk management, applicable to complex processing operations or high-risk scenarios. It helped data controllers to get an objective understanding of the risks arising from their processing operations, in order to select the necessary and sufficient security controls.

This guide was updated in July 2015 to remain in line with the European Data Protection Regulation project and the WP29’s work on the risk-based approach. It also considers feedback and improvements proposed by different interested parties on privacy impact assessment guidelines. Three documents are available:

Manual 1: PIA Methodology (how to carry out a PIA)
Manual 2: Tools (templates and knowledge bases)
Manual 3: Good Practices

ULD PIA Guide

The "Unabhängige Landeszentrum für Datenschutz" presented a guide to DPIAs according to the GDPR at the annual privacy forum. So far they have not been published online to my knowledge but are part of the APF booklet.