Data protection impact assessment guidelines in the context of the general data protection regulation

Grütter, Bodo Jeremy; Schneider, Bettina

Data protection impact assessment guidelines in the context of the general data protection regulation

Files

Gruetter_Schneider_Data_protection_impact_assessment_guidelines_2019.pdf(1001.75 KB)

Authors

Grütter, Bodo Jeremy

Schneider, Bettina

Author (Corporation)

Publication date

2019

Typ of student thesis

Course of study

Collections

Institut für Wirtschaftsinformatik

Full item page

Type

04B - Conference paper

Editors

Dermol, Valerij

Editor (Corporation)

Supervisor

Parent work

Thriving on Future Education, Industry, Business and Society. Proceedings of the MakeLearn and TIIM International Conference

Special issue

DOI of the original publication

URI

https://irf.fhnw.ch/handle/11654/42575
https://doi.org/10.26041/fhnw-6540

Link

https://toknowpress.net/proceedings/978-961-6914-25-3/

Series

Series number

Volume

Issue / Number

Pages / Duration

261-270

Patent number

Publisher / Publishing institution

Place of publication / Event location

Piran

Edition

Version

Programming language

Assignee

Practice partner / Client

Abstract

The European General Data Protection Regulation (EU GDPR) requires companies to carry out a so-called Data Protection Impact Assessment (DPIA) if the processing of personal data is likely to result in a high risk to the rights and freedoms of individuals. But how can it be determined whether a risk should be considered ‘high’ and thus makes a DPIA necessary? Furthermore, if a DPIA is required, how exactly should this be performed? In response to these questions, various guidelines concerning DPIA have been published. The aim of this paper is to give those affected by the new Data Protection law an insight into three current DPIA guidelines and to support them in implementing a GDPR-compliant impact assessment. To this end, each of the selected guidelines will be described, and evaluated in terms of GDPR compliance and DPIA feasibility, i.e. on the one hand, whether the guideline complies with the relevant GDPR articles, and on the other hand what tools are provided to facilitate the operational execution of a DPIA. The study results in an overall evaluation matrix, which shows that all three guidelines have different strengths and propose differing methods for DPIA implementation.

Keywords

Subject (DDC)

330 - Wirtschaft

Project

Event

MakeLearn & TIIM International Conference 2019

Exhibition start date

Exhibition end date

Conference start date

15.05.2019

Conference end date

17.05.2019

Date of the last check

ISBN

978-961-6914-25-3

ISSN

Language

English

Created during FHNW affiliation

Yes

Strategic action fields FHNW

Publication status

Published

Review

Peer review of the complete publication

Open access category

Gold

License

Citation

Grütter, B. J., & Schneider, B. (2019). Data protection impact assessment guidelines in the context of the general data protection regulation. In V. Dermol (Ed.), Thriving on Future Education, Industry, Business and Society. Proceedings of the MakeLearn and TIIM International Conference (pp. 261–270). https://doi.org/10.26041/fhnw-6540

Full item page