Five critical-success factors for effective General Data Protection Regulation (GDPR) data-protection impact assessments

Overview

The best-attended sessions at recent data-privacy conferences have covered data-protection impact assessments (DPIAs), which are required by the EU’s landmark General Data Protection Regulation (GDPR). Although DPIAs are a new discipline for European companies, they have been conducted in America for over a decade under the name of privacy impact assessments (PIAs). The US experience with PIAs offers five main lessons to multinationals seeking to solidify their DPIA implementation plans:

  1. Knowing when to complete a DPIA
  2. Less is more
  3. Logical tiering trumps index scoring
  4. Embed DPIAs into the first line of defense
  5. Plan to scale with software

Contact us

Jay Cline

Privacy Leader, Principal, PwC US

Tel: +1 (612) 596 6403

Carolyn Holcomb

Partner, Cybersecurity and Privacy, PwC US

Jocelyn Aqua

Principal, Cybersecurity and Privacy, PwC US

Tel: +1 (202) 730 4862