General Data Protection Regulation
Following the Data Protection Directive of 1995
ePrivacy Directive of 2002 (cookie law)
Privacy by Design
- Who is affected ?
- Am I a controller?
- Am I a processor?
- What data is included in protection?
- What protection is required?
- What to protect against? What consent is required?
- What are the penalties?
Privacy Impact Assessments
A Privacy Impact Assessment (PIA), which is required under GDPR for data-intensive projects, is a living document which must be made accessible to all involved with a project. It is the process by which you discuss, audit, inventory, and mitigate the privacy risks inherent in the data you collect and process.
Like all GDPR documentation, a PIA can be requisitioned by a data protection regulator in the event of a privacy concern or data breach. Not having a PIA is not an option.