Many privacy officers are under the impression that the GDPR requires organisations to conduct PIAs and that doing so will largely meet their GDPR compliance obligations. This is not the case. The GDPR is an accountability-based regulation and requires organisations to demonstrate compliance with all aspects of the GDPR. In fact, over 39 Articles require a technical or organisational measure to demonstrate compliance. Article 35 on data protection impact assessments is only one of them. Furthermore, DPIAs are required in only limited circumstances; when the processing is likely to result in a high risk to the rights and freedoms of natural persons.
In our recent webinar, Nymity is joined by General Electric to discuss a new compliance innovation: an expert system that, when subject to GDPR, enables organisations to leverage their existing accountability mechanisms, meet their obligations under Article 30 (Records of processing activities) and, when DPIA-Triggered™, under Article 35 GDPR (Data Protection Impact Assessments).
View our webinar on demand to hear how Renard Francois, Global Chief Privacy Officer at General Electric avoids lengthy or incomplete questionaires and carries out more data processing activities with the same data, within the boundaries of the law.