FILTER BY CONTENT

Filter by
content

PONT Data&Privacy

mill

AVG | DPIA

De Algemene Verordening Gegevensbescherming (AVG) verplicht organisaties bij een hoog privacyrisico om vooraf een Data Protection Impact Assessment (DPIA) uit te voeren. Een DPIA is een instrument waarmee privacyrisico’s van geplande gegevensverwerkingen systematisch in kaart worden gebracht zodat passende maatregelen genomen kunnen worden om de risico’s te verkleinen.

When do I not have to conduct a DPIA?

Autoriteit Persoonsgegevens November 10, 2020

Question & Answer

DPIA

ANSWER

You do not need to conduct a data protection impact assessment (DPIA) when your data processing:

Probably not a high privacy risk.
Very similar to another data processing for which a DPIA has already been conducted.
Is governed by another European or national law and a DPIA has already been carried out when this law was created. Unless the privacy regulator judges that a DPIA is still needed.
There is a list of processing operations for which a DPIA is not mandatory. The AVG allows the privacy regulator to draw up such a list, but it is not mandatory. The AP has not made use of the option to draw up such a list.

DPIA practice day

Work with course instructors through the entire DPIA process and cover various practical DPIA models. Thus,DPIA becomespart of privacy risk management.

Test Yourself - DPIA

E-course DPIA

Upon completion of the e-learning DPIA, you will have a complete understanding of the theoretical and legal framework of DPIAs. All aspects are covered, including: when a DPIA is mandatory, what the substantive requirements are, and what standards and regulations apply to DPIAs. You will also be explained practical DPIA models.

Handbook of DPIAs

Join PONT | Data & Privacy

Access to Knowledge Base

Read e-books

Contact with peers

Own news overview

BECOME A MEMBER