cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Community Champion

CNIL publishes an update of its Privacy Impact Assessment (PIA) Guides

A PIA (Privacy Impact Assessment or Data Protection Impact Assessment - DPIA) aims at building and demonstrating compliance to the General Data Protection Regulation (GDPR) principles. Once the GDPR will be applicable in May 2018, a PIA will be required where a processing is likely to result in a high risk to data subjects. To know more on the PIA and associated obligations, please read the DPIA Guidelines.

To assist in this process and take into account all GDPR requirements, CNIL has updated its “PIA Guides” as well as its PIA tool. The method is consistent with the WP29 Guidelines and with risk management international standards.

CNIL’s PIA method is composed of three guides:

  1. The method explains how to carry out a PIA;
  2. The models help to formalize a PIA by detailing how to handle the different sections introduced in the method;
  3. The knowledge base is a code of practice that lists measures to be used to treat the risks.

The CNIL also publishes a specific version of its PIA method applied to the field of connected objects (called a PIAF – Privacy Impact Assessment Framework) as well as a case study on a sleep monitor.

The guides, PIAF on connected object and the case study are available for download here.