The concept of “Privacy Impact Assessments” (PIAs) first emerged in the 1980s. The PIAF Consortium examined the various frameworks among the countries, looking for similarities and differences, good points and shortcomings. While there are various definitions of PIAs, the PIAF Consortium used the following definition: a methodology for assessing the impacts on privacy of a project, policy, programme, service, product or other initiative and, in consultation with stakeholders, for taking remedial actions as necessary in order to avoid or minimise negative impacts.
While regulatory efforts that provide PIA frameworks to the privacy community have been valuable and have encouraged companies to focus on privacy risks, this general approach has not changed since the introduction of PIAs in the 1980s. Since then, we have witnessed great shifts in regulatory developments, data collection and use, advances in technology and organisational investments in privacy management accountability.
Privacy Officers/DPOs have reported that in today’s data-intensive and fast-paced technological environment, the traditional approach to conducting PIAs is causing numerous challenges. Traditional PIAs are viewed as an onerous, form-filling process and only one of numerous compliance tasks. Business and operational units often see little value in completing a PIA and are reluctant to approach the Privacy Office/DPO to request a PIA for fear that the process will slow down fast-moving initiatives, or worse, stop them in their tracks.
The Accountability PIA Framework is a next generation approach to Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs). The core of the approach works on a simple premise: both PIAs and organisational accountability have the same purpose - they mitigate privacy risk and address compliance.
In the paper Next Generation PIAs, Nymity argues that organisational efforts in accountability can be leveraged in a PIA and provides a framework for doing so.
The Framework extends the functionality and value of a PIA well beyond the traditional PIA in use today. It delivers:
- Benefits to individuals;
- Higher assurances that risk is mitigated effectively; and
- GDPR readiness, producing your Article 30 records of processing activities and Article 35 data protection impact assessments.
To learn more about how the Accountability PIA Framework has better outcomes for both individuals and the organization, download the full paper at: https://www.nymity.com/next-generation-pia.aspx