Lesson 3 - The importance of privacy in project management
- Notion 15 - Why does privacy matter for project management?
- Notion 16 - What is considered user personal data?
- Notion 17 - Privacy legislation in the EU
- Notion 18 - Data protection principles
- Notion 19 - The legal ramifications of violating privacy
- Notion 20 - Privacy by Design: matching design with privacy needs
- Notion 21 - Consent is the magic word
- Notion 22 - The role of the project manager in ensuring privacy
- Notion 23 - Conducting a Privacy Impact Assessment
- Notion 24 - How can data protection lead to more sustainable project management?
- Notion 25 - Quiz
Notion 23
Conducting a Privacy Impact Assessment
Target skills
What is a privacy impact assessment?
A Privacy Impact Assessment (PIA) analyzes how an entity collects, uses, shares, and maintains personally identifiable information, and identifies the privacy risks associated with that processing.
The goals of a PIA
A PIA should accomplish three goals:
1. Ensure conformance with applicable legal, regulatory, and policy requirements for privacy.
2. Determine the risks and effects of the processing on the individuals concerned.
3. Evaluate protections and alternative processes to mitigate potential privacy risks.
When is a PIA compulsory?
The General Data Protection Regulation (GDPR) specifies the cases in which a PIA is necessary, what it must contain, and the obligation to review it to check that it is still consistent with the actual processing. Examples of cases where a PIA is required include:
- a processing operation which is likely to result in a high risk to the rights and freedoms of natural persons;
- a systematic and thorough evaluation of personal aspects relating to natural persons, based on automated processing, including profiling, on the basis of which decisions are taken that have legal effects on a natural person or similarly significantly affect him or her;
- the systematic large-scale monitoring of a publicly accessible area.
Key points of a PIA
The Privacy Impact Assessment shall include at least the following points:
1. a description of the processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller;
2. an assessment of the necessity and proportionality of the processing operations in relation to the purposes;
3. an assessment of the risks to the rights and freedoms of data subjects;
4. the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with the GDPR, taking into account the rights and legitimate interests of data subjects and other persons affected.