Expert Advice Community

DPIA

Guest user Created:   Feb 20, 2018 Last commented:   Feb 20, 2018

1. How to conduct PIA or DPIA?
Expert
Andrei Hanganu Feb 20, 2018

2. What changes can be proposed as part of a remediation plan (some examples will be enough)?
3. Data Mapping and how to conduct this?
4. And any other information which I could add to my CV to get the role. Obviously, once I get the role, I will be contacting you for your help (and will pay your fee for your assistance). But in order to get the job of BA of GDPR, I need this information.

Answers:

1. A Data Protection Impact Assessment is basically an assessment of the likelihood and severity of risks for the rights and freedoms of individuals resulting from a processing operation. Data controllers will be required to undertake DPIAs prior to data processing – in particular processing using new technologies – which is likely to result in a high risk for the rights and freedoms of individuals (Article 35 - Data protection impact assessment - https://advisera.com/eugdpracademy/gdpr/data-protection-impact-assessment/).

The EU GDPR provides a non-exhaustive list of cases in which DPIAs must be carried out:
- automated processing for purposes of profiling and similar activities intended to evaluate personal aspects of data subjects (e.g. automatic credit checking performed by banks or other financial institutions);
- processing on a large scale of special categories of data or of data relating to criminal convictions and offences (e.g. processing of mental information by a psychiatric clinic);
- systematic monitoring of a publicly accessible area on a large scale (e.g. CCTV).

If you want to have a more in-depth view on how to actually perform a DPIA, the following materials would be helpful:
- Article 29 Working Party - “Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679”
- Free webinar “Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR” - https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/
- Article “5 phases of the EU GDPR Data Protection Impact Assessment” - https://advisera.com/eugdpracademy/knowledgebase/5-phases-of-the-eu-gdpr-data-protection-impact-assessment/
- Document: “Data Protection Impact Assessment Methodology” - https://advisera.com/eugdpracademy/documentation/data-protection-impact-assessment-methodology/
- Document: “DPIA Register” - https://advisera.com/eugdpracademy/documentation/dpia-register/

2. The risk mitigation measures derived from a DPIA may vary greatly depending on the processing activity that is subject to the DPIA.
For some examples of mitigation measures derived from a DPIA in CCTV you can access our webinar on “Seven steps of Data Protection Impact Assessment (DPIA) according to EU GDPR” - https://advisera.com/eugdpracademy/webinar/seven-steps-of-data-protection-impact-assessment-dpia-according-to-eu-gdpr-free-webinar-on-demand/

3. For the data mapping, there is a specific guidance document in our EU GDPR Toolkit that would most likely shed some light on how to go through the data mapping exercise. You can find the “Inventory of Processing Activities” here: https://advisera.com/eugdpracademy/documentation/inventory-of-processing-activities/

4. As for other things to add to your CV, I would suggest getting acquainted with the EU GDPR provisions and attending our EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//#reviews) and the EU GDPR Data Protection Officer Course (https://advisera.com/training/eu-gdpr-data-protection-officer-course/#reviews).
