Do we have to perform a DPIA for all our processing activities, or only for some of them? If only for some of them, what are the criteria to distinguish for which activities to perform the DPIA? Is this covered in some of the documents in your GDPR Toolkit?
You have to perform a DPIA for all processing activities falling under Art. 35 par. 3 GDPR, which are:
a) profiling or tracking activities
b) processing of particular categories of personal data falling under Article 9 GDPR
c) video surveillance on a publicly accessible area on a large scale.
In our toolkit, you can find the templates of our
- DPIA Methodology: https://advisera.com/eugdpracademy/documentation/data-protection-impact-assessment-methodology/
- DPIA Register: https://advisera.com/eugdpracademy/documentation/dpia-register/
If we have a data breach, do we have to report each data breach to the supervisory authority? If not, what are the criteria to distinguish between the breaches we need and do not need to report? Is this covered in some of the documents in your GDPR Toolkit?
You need to report any data breach unless it is unlikely to result in a risk to the rights and freedoms of data subjects. Risks include fraud, identity theft, unauthorized access, monitoring, financial loss, or cases where sensitive data are involved. When a data breach occurs, you need to assess the level of risk and then define whether there is a need to report to the national Data Protection Authority or not. You should keep a register of data breaches.
Our white paper on assessing the severity of personal data breaches according to GDPR can help you in the process: https://info.advisera.com/eugdpracademy/free-download/assessing-the-severity-of-personal-data-breaches-according-to-gdpr
Here you can find more information about Data Protection Impact Assessments and data breaches:
5 phases of the EU GDPR Data Protection Impact Assessment https://advisera.com/eugdpracademy/knowledgebase/5-phases-of-the-eu-gdpr-data-protection-impact-assessment/
5 steps to handle a data breach according to GDPR https://advisera.com/eugdpracademy/knowledgebase/5-steps-to-handle-a-data-breach-according-to-gdpr/
If you need to understand how to implement EU GDPR in your organization, you may consider enrolling in our free EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/
Nov 08, 2021