Data Protection Impact Assessment Tool
What the tool offers
The Data Protection Impact Assessment Tool (DPIAT) is a decision support tool that identifies the main risks of a project with respect to the rights of data subjects concerning their personal data. It is a systematic process to elicit threats to the privacy of individuals, identify the procedures and practices in place to mitigate these threats, and document how the risks were addressed in order to minimize harm to users. The tool was tailored to satisfy the needs of Small and Medium Enterprises (SMEs) that intend to process personal data in the cloud.
The approach is based on legal and socio-economic analysis of privacy issues for cloud deployments and takes into consideration the new requirements for DPIAs put forward in the European Union (EU) General Data Protection Regulation (GDPR).
The tool innovation
The main innovation of DPIAT is the process of automating the data protection impact assessment with a questionnaire that is aligned with the new GDPR and identifies to what extent an SME complies with the new regulation. This, combined with a plugin that assesses the security controls implemented by cloud service providers and determines the risks associated with using specific providers, presents a novel approach to privacy impact assessments. The tool has a user-centric design, facilitating understanding and also educating users about privacy risks.
The tool has the potential to become the de facto standard for DPIAs for SMEs. Most SMEs are not aware of the obligation to perform DPIAs in the near future. As soon as the GDPR becomes effective, the market demand will be considerable, especially for “cloud-born” projects, often brought by start-ups across the globe.