2. What changes can be proposed as part of a remediation plan (some examples will be enough)?
3. Data Mapping and how to conduct this?
4. And any other information which I could add to my CV to get the role. Obviously, once I get the role, I will be contacting you for your help (and will pay your fee for your assistance). But in order to get the job of BA of GDPR, I need this information.
1. A Data Protection Impact Assessment is basically an assessment of the likelihood and severity of risks for the rights and freedoms of individuals resulting from a processing operation. Data controllers will be required to undertake DPIAs prior to data processing – in particular processing using new technologies – which is likely to result in a high risk for the rights and freedoms of individuals (Article 35 - Data protection impact assessment - https://advisera.com/eugdpracademy/gdpr/data-protection-impact-assessment/).
The EU GDPR provides a non-exhaustive list of cases in which DPIAs must be carried out:
- automated processing for purposes of profiling and similar activities intended to evaluate personal aspects of data subjects (e.g. automatic credit checking performed by banks or other financial institutions);
- processing on a large scale of special categories of data or of data relating to criminal convictions and offences (e.g. processing of mental information by a psychiatric clinic);
- systematic monitoring of a publicly accessible area on a large scale (e.g. CCTV).