Data protection impact assessment guidelines in the context of the general data protection regulation

Type
04B - Conference paper
Parent work
Thriving on Future Education, Industry, Business and Society. Proceedings of the MakeLearn and TIIM International Conference
Pages / Duration
261-270
Place of publication / Event location
Piran
Abstract
The European General Data Protection Regulation (EU GDPR) requires companies to carry out a so-called Data Protection Impact Assessment (DPIA) if the processing of personal data is likely to result in a high risk to the rights and freedoms of individuals. But how can it be determined whether a risk should be considered ‘high’ and thus makes a DPIA necessary? Furthermore, if a DPIA is required, how exactly should this be performed? In response to these questions, various guidelines concerning DPIA have been published. The aim of this paper is to give those affected by the new Data Protection law an insight into three current DPIA guidelines and to support them in implementing a GDPR-compliant impact assessment. To this end, each of the selected guidelines will be described, and evaluated in terms of GDPR compliance and DPIA feasibility, i.e. on the one hand, whether the guideline complies with the relevant GDPR articles, and on the other hand what tools are provided to facilitate the operational execution of a DPIA. The study results in an overall evaluation matrix, which shows that all three guidelines have different strengths and propose differing methods for DPIA implementation.
Event
MakeLearn & TIIM International Conference 2019
Conference start date
15.05.2019
Conference end date
17.05.2019
ISBN
978-961-6914-25-3
Language
English
Created during FHNW affiliation
Yes
Publication status
Published
Review
Peer review of the complete publication
Open access category
Gold
License
https://creativecommons.org/licenses/by-nc-nd/4.0/
Citation
Grütter, B. J., & Schneider, B. (2019). Data protection impact assessment guidelines in the context of the general data protection regulation. In V. Dermol (Ed.), Thriving on Future Education, Industry, Business and Society. Proceedings of the MakeLearn and TIIM International Conference (pp. 261–270). https://doi.org/10.26041/fhnw-6540