
Expert Advice Community

Personal Data Protection Policy

Guest user, Created: Apr 10, 2020, Last commented: Apr 10, 2020


Hello, I am looking for the Article in GDPR, where it is defined, that a documented Personal Data Protection Policy is mandatory to be compliant. Advisera is referring to Article 24. Isn't a documented DPIA sufficient?


Expert: Alessandra Nisticò, Apr 10, 2020

No, it is not sufficient because the Data Protection Policy and DPIA (Data Protection Impact Assessment) are different documents for different purposes. 

Data Protection Policy is an internal document that establishes rules on how to process personal data by your organization, while DPIA is a document realized to evaluate risks for the rights and freedoms of data subjects and measures taken to minimize such risks with defined content established in article 35 GDPR. 

Data Protection Policy is a measure taken to increase security in data processing. It is mandatory under article 24 para 2 GDPR only “where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the controller.” 

However, the GDPR allocates the burden of proof of being compliant on the data controller. Therefore, a Data Protection Policy (which is considered an appropriate organizational security measure) is a way to help the data controller to demonstrate compliance.

Of course, most depend on the dimensions and complexity of your organization because any data controller needs to balance costs, complexity, and risks arising from data processing.

You can find more information here:
Contents of the Data Protection Policy according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/contents-of-the-data-protection-policy-according-to-gdpr/
5 phases of the EU GDPR Data Protection Impact Assessment: https://advisera.com/eugdpracademy/knowledgebase/5-phases-of-the-eu-gdpr-data-protection-impact-assessment/

You may also consider taking our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
