CNIL publishes an update of its Privacy Impact Assessment (PIA) Guides
A PIA (Privacy Impact Assessment, or Data Protection Impact Assessment, DPIA) aims at building and demonstrating compliance with the General Data Protection Regulation (GDPR) principles. Once the GDPR becomes applicable in May 2018, a PIA will be required where processing is likely to result in a high risk to data subjects. To learn more about the PIA and associated obligations, please read the DPIA Guidelines.
To assist in this process and take into account all GDPR requirements, CNIL has updated its “PIA Guides” as well as its PIA tool. The method is consistent with the WP29 Guidelines and with international risk management standards.
CNIL’s PIA method is composed of three guides:
The method explains how to carry out a PIA;
The models help to formalize a PIA by detailing how to handle the different sections introduced in the method;
The knowledge base is a code of practice that lists measures to be used to treat the risks.
The CNIL also publishes a specific version of its PIA method applied to the field of connected objects (called a PIAF – Privacy Impact Assessment Framework) as well as a case study on a sleep monitor.