(excerpted from ISACA.org)
By now you are surely aware of the European Union General Data Protection Regulation (GDPR) that goes into effect on 25 May 2018. If your company does business with just one EU citizen or in one EU location, your enterprise is subject to this new regulation—no matter where it is headquartered or who else you do business with.
One of the key compliance requirements for GDPR is to conduct data protection impact assessments (DPIAs) to identify and reduce the data protection risk within projects and systems, and thereby reduce the likelihood of privacy harms to affected EU citizens. To help with this task, ISACA has created guidance and tools you can use to navigate the DPIA requirements. What Does It Mean To Me? GDPR Data Protection Impact Assessments takes a deep dive into this critical component of GDPR and the process of completing these assessments.
The paper starts by helping you determine whether your enterprise is affected by GDPR. Then it details the process, step-by-step, of how to complete a DPIA. It covers the key questions you must ask and how matching these GDPR requirements to ISACA Privacy Principles can produce better organizational outcomes.