Contents

1. Introduction
2. About this Policy
3. Scope of this Policy
4. Roles and responsibilities
5. Identifying the need for a DPIA
6. Undertaking a DPIA
7. Consultation with the ICO
8. Review of DPIAs
9. Disclosure and publication of DPIAs
10. Policy review
Appendix 1 – Glossary of terms
Appendix 2 – Data Protection Impact Assessment Screening Questionnaire
Appendix 3 – Data Protection Impact Assessment Template
1. Introduction
1.1. The General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) require the University, as a data controller, to consider and apply appropriate measures designed to implement their key principles effectively. Necessary safeguards must be incorporated into all activities involving the processing of personal data in order to ensure that the rights and freedoms of individuals are protected. This is known as “Data Protection by Design”.
1.2. A key element of the GDPR’s focus on accountability and Data Protection by Design is the requirement to undertake a Data Protection Impact Assessment (DPIA) (often referred to as a Privacy Impact Assessment) where any processing of personal data is “likely to result in a high risk” to the rights and freedoms of individuals.
1.3. A DPIA therefore serves as a tool to help the University to identify, evaluate and mitigate risks to individuals arising as a result of the processing of their personal data. At the same time, a DPIA should ensure compliance with data protection law and other legal and regulatory requirements (for example, the Equality Act 2010).
1.4. A failure to undertake a DPIA when required under the GDPR may result in a fine of up to €10 million or 20% of total global annual turnover, whichever is higher.
2. About this Policy
2.1. This Policy sets out the University’s approach towards identifying the need for, undertaking and implementing DPIAs.
2.2. A glossary of the terms used throughout this Policy can be found in Appendix 1.