Documents

This policy brief lays the foundations for a method for data protection impact assessment (DPIA) in the European Union (EU). First, as a prerequisite, it proposes a generic method for impact assessment, which is intended to be used – when tailored to the particular context – in multiple domains of practice, such as environment, technology development or regulation (Section 2). Next, building on this generic method and interpreting the requirements of the General Data Protection Regulation (GDPR), this policy brief lays the foundations for a specific method for the process of DPIA in the EU, which is also intended to be adapted to the context of use (Section 3). In particular, the policy brief aims to clarify two crucial aspects of this specific method, which have thus far proved to be the most contentious. These aspects are the appraisal techniques (that is, the necessity and proportionality assessment, and risk appraisal), and stakeholder involvement (including public participation) in decision-making. Section 4 summarises the findings and calls for further guidance, clarification and tailoring down. This policy brief is addressed predominantly to policy-makers who develop methods for impact assessment, practitioners who tailor these methods to the context in which they are used and assessors who conduct the assessment process in accordance with these methods
Original languageEnglish
Pages1-8
Number of pages8
Volume1
Issue number2019
Journald.pia.lab Policy Brief
Publication statusPublished - 5 Nov 2019

    Research areas

  • data protection impact assessment, DPIA, privacy impact assessment, PIA, GDPR, data protection, privacy, risk, risk to a right, stakeholder involvement, public participation, method, Impact assessment, environmental impact assessment, EIA, technology assessment, European Union, EU, data protection authorities, DPA, data protection officer, DPO

ID: 48091339