The use of an assessment methodology to personal understand privacy risks and rights has been known since the mid-1990s [1]. The growing interest in what were then called Privacy Impact Assessments (PIA) was triggered by the exponential growth of data storage and analysis plus the public reaction to the inevitable leaks and scandals. Today DPIAs […]
The law across Europe now says a DPIA is required when the processing is “likely to result in a high risk to the rights and freedoms of natural persons” (GDPR Article 35(1)). Where the key term is “high risk”. To be clear not all processing requires a DPIA. A DPIA is mandatory for that subset of processing activities which meet the threshold of high risk. Since GDPR […]
A sensible and well-designed and CCTV system is a powerful tool for deterring criminals and tackling security issues. On the other hand, badly designed systems, cause legal and PR problems while generating a false sense of security. In our experience, privacy and security are not mutually exclusive. We find a pragmatic approach based on the […]
Data Protection Impact Assessments (DPIAs) are an often misunderstood element of GDPR compliance. Like so much of the GDPR there is little precision in the regulations, but a process must be followed and an artefact must be produced. This DigiTorc article, one of a series of occasional articles, defines: What a DPIA must consist of? Which processing activities require a DPIA? […]