When is it necessary to conduct a Data Protection Impact Assessment?

The new European Data Protection Regulation requires analysing and preparing reports when a new data processing is carried out. That is, when a company starts to collect new data, or to exploit that data in a different way, it is necessary to assess the impact, which causes such treatment in data protection.

 

The Pérez Parras Economists and Lawyers office has professionals who combine Law with Telecommunications Engineering.

Therefore, we are qualified at the highest level to carry out risk analysis exercises that a certain information, product or service system can provoke in the right to data protection of those affected. Detected the possible risks, our personalised service includes the accompaniment so that your company adopts the necessary measures to eliminate or control the aforementioned risks.

The analysis and report service must be carried out, in compliance with the European Regulation in force, prior to the start-up of the service, product or information system. That is, we are obliged to carry out a data protection impact analysis in the project’s design phase, updating itself as it evolves.

DPIA: Data Protection Impact Assessment

PIA: Privacy Impact Assessment

In which cases is a DPIA impact analysis mandatory?

In addition, companies are obliged to carry out an impact evaluation in the following cases:

1.When the processing of data to be performed will entail a high risk for the rights and freedoms of natural persons. For example, when you are going to make profiles of any type based on the personal data collected, or you are going to evaluate the financial situation of a company, or you will treat specially protected data.

2. When carrying out a systematic and exhaustive evaluation of personal aspects of physical persons that involve an automated treatment. For example, in the case of the creation of profiles to, based on them, make decisions that provoke legal effects on natural persons, or that may affect them significantly. For example, the case of biometric profiles.

3.When a large-scale systematic observation of public access areas is carried out. For example, through the use of technology that allows the recognition of natural persons, or their behaviour.

4.When a large-scale treatment of special categories of data is carried out:

• Ethnic and racial origin,
• Political opinions,
• Religious or philosophical convictions,
• Union membership,
• Genetic or biometric data aimed at univocally identifying a natural person,
• Data related to health, sexual life or sexual orientation, etc …

 

What is the impact analysis we do in compliance with the regulations in force?

The firm Pérez Parras Economists and Lawyers offers an impact analysis service in accordance with the regulations in force:

A systematic and reproducible process to evaluate the existing risks in the privacy of people,

An action carried out prior to the start-up of:

A new product, service or information system, in a systematic and reproducible way

Something more than a simple verification of compliance with current regulations, but a process-oriented analysis. We do not elaborate a mere final report, but we identify those responsible for the tasks, and the actions to be carried out.

DPIA service offered by the Pérez Parras Economists and Lawyers office:

We are professionals of the highest level and qualification, that combine engineering and law training; We offer a personalised service, adapted to the characteristics of each entity, organisation and internal flows. And doing so, we comply with the requirements of the European Regulation in force, with the greatest professionalism and guarantees.

Therefore, if you are in this situation and you want us to help you with the impact analysis, do not hesitate to consult our office of Economists & Lawyers in Malaga and Nerja  and we will carefully study your case.