This document gives guidelines for<\/p>\n
a process on privacy impact assessments, and<\/p>\n<\/li>\n
a structure and content of a PIA report.<\/p>\n<\/li>\n<\/ul>\n
It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.<\/p>\n
This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 5<\/td>\n | European foreword Endorsement notice <\/td>\n<\/tr>\n | ||||||
| 9<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 1 Scope 2 Normative references 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 4 Abbreviated terms <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 5 Preparing the grounds for PIA 5.1 Benefits of carrying out a PIA <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 5.2 Objectives of PIA reporting 5.3 Accountability to conduct a PIA <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 5.4 Scale of a PIA 6 Guidance on the process for conducting a PIA 6.1 General <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 6.2 Determine whether a PIA is necessary (threshold analysis) 6.3 Preparation of the PIA 6.3.1 Set up the PIA team and provide it with direction <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 6.3.2 Prepare a PIA plan and determine the necessary resources for conducting the PIA <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 6.3.3 Describe what is being assessed <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 6.3.4 Stakeholder engagement <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 6.4 Perform the PIA 6.4.1 Identify information flows of PII <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 6.4.2 Analyse the implications of the use case <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 6.4.3 Determine the relevant privacy safeguarding requirements <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 6.4.4 Assess privacy risk <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 6.4.5 Prepare for treating privacy risks <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | 6.5 Follow up the PIA 6.5.1 Prepare the report <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 6.5.2 Publication 6.5.3 Implement privacy risk treatment plans <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 6.5.4 Review and\/or audit of the PIA <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | 6.5.5 Reflect changes to the process 7 PIA report 7.1 General <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | 7.2 Report structure 7.3 Scope of PIA 7.3.1 Process under evaluation <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | 7.3.2 Risk criteria 7.3.3 Resources and people involved 7.3.4 Stakeholder consultation 7.4 Privacy requirements 7.5 Risk assessment 7.5.1 Risk sources 7.5.2 Threats and their likelihood <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | 7.5.3 Consequences and their level of impact 7.5.4 Risk evaluation 7.5.5 Compliance analysis 7.6 Risk treatment plan 7.7 Conclusion and decisions 7.8 PIA public summary <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | Annex A (informative) Scale criteria on the level of impact and on the likelihood <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | Annex B (informative) Generic threats <\/td>\n<\/tr>\n | ||||||
| 50<\/td>\n | Annex C (informative) Guidance on the understanding of terms used <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | Annex D (informative) Illustrated examples supporting the PIA process <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Information technology. Security techniques. Guidelines for privacy impact assessment<\/b><\/p>\n |