BS EN ISO/IEC 29134:2020

$198.66

Information technology. Security techniques. Guidelines for privacy impact assessment

Published By: BSI
Publication Date: 2020
Number of Pages: 56

This document gives guidelines for

  • a process on privacy impact assessments, and

  • a structure and content of a PIA report.

It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.

This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

PDF Catalog

European foreword
Endorsement notice
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Preparing the grounds for PIA
5.1 Benefits of carrying out a PIA
5.2 Objectives of PIA reporting
5.3 Accountability to conduct a PIA
5.4 Scale of a PIA
6 Guidance on the process for conducting a PIA
6.1 General
6.2 Determine whether a PIA is necessary (threshold analysis)
6.3 Preparation of the PIA
6.3.1 Set up the PIA team and provide it with direction
6.3.2 Prepare a PIA plan and determine the necessary resources for conducting the PIA
6.3.3 Describe what is being assessed
6.3.4 Stakeholder engagement
6.4 Perform the PIA
6.4.1 Identify information flows of PII
6.4.2 Analyse the implications of the use case
6.4.3 Determine the relevant privacy safeguarding requirements
6.4.4 Assess privacy risk
6.4.5 Prepare for treating privacy risks
6.5 Follow up the PIA
6.5.1 Prepare the report
6.5.2 Publication
6.5.3 Implement privacy risk treatment plans
6.5.4 Review and/or audit of the PIA
6.5.5 Reflect changes to the process
7 PIA report
7.1 General
7.2 Report structure
7.3 Scope of PIA
7.3.1 Process under evaluation
7.3.2 Risk criteria
7.3.3 Resources and people involved
7.3.4 Stakeholder consultation
7.4 Privacy requirements
7.5 Risk assessment
7.5.1 Risk sources
7.5.2 Threats and their likelihood
7.5.3 Consequences and their level of impact
7.5.4 Risk evaluation
7.5.5 Compliance analysis
7.6 Risk treatment plan
7.7 Conclusion and decisions
7.8 PIA public summary
Annex A (informative) Scale criteria on the level of impact and on the likelihood
Annex B (informative) Generic threats
Annex C (informative) Guidance on the understanding of terms used
Annex D (informative) Illustrated examples supporting the PIA process
Bibliography