By Robert J. Ward, Jr., VP, Global Compliance, Houston International Business Corp.
Privacy Impact Assessments, or Data Protection Impact Assessments as they are now called under the EU General Data Protection Regulation, are an extremely useful risk management tool: they help the business manage the privacy expectations of individuals when it implements new technologies or more invasive ways of collecting and using personal information.
The constant media attention on invasions of privacy, whether by technology or otherwise, can often be damaging for the brand and reputation of the companies that are exposed and/or investigated. The use of a Privacy Impact Assessment as a risk management tool is something that should be embedded into compliance.
Not every use of new technology or implementation of new ways of processing personal data requires a Privacy Impact Assessment, but it is good practice to ensure that key stakeholders in the business understand when to ask the question, “Is what we are about to do likely to impact privacy expectations?”
In some cases the answer may be “No, there is no impact”, but to the extent that there are issues, the Privacy Impact Assessment enables the business to demonstrate that it takes data protection and privacy rights seriously and that it will put in place checks and balances to ensure that the business needs for the use of technology and profiling (for example) do not outweigh the rights of individuals.
Why not come along to my session 501 on Tuesday, October 23, to learn how to use Privacy Impact Assessments effectively and create a trusted relationship with individuals rather than a backlash?