Questions for DPIA

Guest user Created:   Nov 05, 2021 Last commented:   Nov 08, 2021

1) Do we have to perform a DPIA for all our processing activities, or only for some of them? If only for some of them, what are the criteria to distinguish for which activities to perform the DPIA? Is this covered in some of the documents in your GDPR Toolkit?

2) If we have a data breach, do we have to report each data breach to the supervisory authority? If not, what are the criteria to distinguish between the breaches we need and do not need to report? Is this covered in some of the documents in your GDPR Toolkit?
Expert
Alessandra Nisticò Nov 08, 2021

Do we have to perform a DPIA for all our processing activities, or only for some of them? If only for some of them, what are the criteria to distinguish for which activities to perform the DPIA? Is this covered in some of the documents in your GDPR Toolkit?

You have to perform a DPIA for all processing activities falling under art. 35 par. 3 GDPR which are:
a) profiling or tracking activities
b) processing of particular categories of personal data falling under Article 9 GDPR
c) video surveillance on a publicly accessible area on a large scale.

In our toolkit, you can find the template of our

If we have a data breach, do we have to report each data breach to the supervisory authority? If not, what are the criteria to distinguish between the breaches we need and do not need to report? Is this covered in some of the documents in your GDPR Toolkit?

You need to report any data breach unless it is unlikely to result in a risk to the freedom or rights of data subjects. Risks are fraud, identity theft, unauthorized access, monitoring, financial loss, or cases where sensitive data are involved. When a data breach occurs, you need to assess the level of risk and then define whether there is a need to report to the national Data Protection Authority or not. You should keep a register of data breaches.

Our white paper on assessing the severity of personal data breaches according to GDPR can help you in the process: https://info.advisera.com/eugdpracademy/free-download/assessing-the-severity-of-personal-data-breaches-according-to-gdpr

Here you can find more information about Data Protection Impact Assessment and Data breach:
5 phases of the EU GDPR Data Protection Impact Assessment: https://advisera.com/eugdpracademy/knowledgebase/5-phases-of-the-eu-gdpr-data-protection-impact-assessment/
5 steps to handle a data breach according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/5-steps-to-handle-a-data-breach-according-to-gdpr/


If you need to understand how to implement EU GDPR in your organization, you may consider enrolling in our free EU GDPR Foundations Course: https://training.advisera.com/course/eu-gdpr-foundations-course/
