DPIA

Data protection impact assessment: learn how to access risks and be in compliance with the GDPR.

AGM Solutions Consultants are able to offer to all companies and freelancers a specialised service in the case of personal data processing subject to compulsory impact assessment, called DPIA (sanctioned by Art 35 of the GDPR), for example in case of:

• Systematic and comprehensive assessment of personal aspects related to individuals, based on automated processing, including profiling.
• Processing, on a large scale, of special categories of personal data (health, judicial data, etc.).
• Large-scale systematic Surveillance of an area accessible to the public.
• Adoption of new technologies for the processing of personal data, etc.

The impact assessment is performed according to the guidelines expressed by the international standard ISO/IEC 29134. In particular, the ISO 29134 standard recommends the PIA as a process that must begin before the processing of personal data, when there is still the possibility to address the processing itself.

This process also considers the potential impact of the assets used for data processing such as other processes, IT services and related infrastructure in a “privacy by design” perspective.  The result of the impact assessment process is, therefore, a report (“PIA Report”) that is issued to the Customer.

To meet the requirements identified by a risk and impact assessment related to the protection of personal information, AGM Solutions specialists use the new 29151 standard, which integrates both physical and logical security aspects that those related to privacy, in order to offer an all-round data protection service.