Personal Data Protection Policy
Hello, I am looking for the Article in the GDPR where it is defined that a documented Personal Data Protection Policy is mandatory to be compliant. Advisera is referring to Article 24. Isn't a documented DPIA sufficient?
No, it is not sufficient because the Data Protection Policy and DPIA (Data Protection Impact Assessment) are different documents for different purposes.
Data Protection Policy is an internal document that establishes rules on how to process personal data by your organization, while DPIA is a document realized to evaluate risks for the rights and freedoms of data subjects and measures taken to minimize such risks with defined content established in article 35 GDPR.
Data Protection Policy is a measure taken to increase security in data processing. It is mandatory under article 24 para 2 GDPR only “where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the controller.”
However, the GDPR allocates the burden of proof of being compliant on the data controller. Therefore, a Data Protection Policy (which is considered an appropriate organizational security measure) is a way to help the data controller to demonstrate compliance.
Of course, much depends on the dimensions and complexity of your organization because any data controller needs to balance costs, complexity, and risks arising from data processing.
You can find more information here:
Contents of the Data Protection Policy according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/contents-of-the-data-protection-policy-according-to-gdpr/
5 phases of the EU GDPR Data Protection Impact Assessment: https://advisera.com/eugdpracademy/knowledgebase/5-phases-of-the-eu-gdpr-data-protection-impact-assessment/
You may also consider taking our free EU GDPR Foundation course: EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Apr 10, 2020