Changes in Conducting Data Protection Risk Assessment: Before and After GDPR implementation

Date

2023-04-24

Advisors

Journal Title

Journal ISSN

ISSN

DOI

Volume Title

Publisher

arxiv

Type

Article

Peer reviewed

No

Abstract

Based on Article 35 of the EU (European Union) General Data Protection Regu- lation, a Data Protection Impact Assessment (DPIA) is necessary whenever there is a possibility of a high privacy and data protection risk to individuals caused by a new project under development. A similar process to DPIA had been previously known as Privacy Impact Assessment (PIA). We are investigating here to find out if GDPR and DPIA specifically as its privacy risk assessment tool have resolved the challenges privacy practitioners were previously facing in implementing PIA. To do so, our methodology is based on comparison and thematic analysis on two sets of focus groups we held with privacy professionals back in January 2018 (four months before GDPR came into effect) and then in November 2019 (18 months after GDPR implementation

Description

Keywords

PIA, DPIA, GDPR, Impact Assessment, Privacy, Data Protection, Risk Management

Citation

Zarrabi, F., Wagner, I. and Boiten, E. (2023) Changes in Conducting Data Protection Risk Assessment and After GDPR implementation. arXiv preprint arXiv:2304.11876.

Rights

Research Institute