Data Privacy & Protection Assessment

---

What is a privacy assessment?

A Privacy Impact Assessment, or PIA, is an analysis of how personally identifiable information is collected, used, shared, and maintained.

What is a data protection impact assessment?

Data protection impact assessments under the GDPR. Data protection impact assessments (DPIAs) help organizations identify, assess and mitigate or minimize privacy risks with data processing activities. They're particularly relevant when a new data processing process, system or technology is being introduced.

Data protection impact assessments (DPIAs) help organizations identify, assess and mitigate or minimize privacy risks with data processing activities. They’re particularly relevant when a new data processing process, system or technology is being introduced.

DPIAs also support the accountability principle, as they help organizations comply with the requirements of the General Data Protection Regulation (GDPR) and demonstrate that appropriate measures have been taken to ensure compliance.

Privacy & Security

Data privacy and data protection are very closely interconnected, so much so that users often think of them as synonymous. But the distinctions between data privacy vs. data protection are fundamental to understanding how one complements the other. Privacy concerns arise wherever personally identifiable information is collected, stored, or used.

In a nutshell, data protection is about securing data against unauthorized access. Data privacy is about authorized access — who has it and who defines it. Another way to look at it is this: data protection is essentially a technical issue, whereas data privacy is a legal one.

These distinctions matter because they're woven deeply into the overarching issues of privacy and cybersecurity, both of which loom large in businesses, politics and culture. For industries subject to compliance standards, there are crucial legal implications associated with privacy laws. And ensuring data protection may not adhere to every required compliance standard.

What's important to understand when comparing data privacy vs. data protection is that you can't ensure data privacy unless the personal data is protected by technology. If someone can steal personal data, its privacy is not guaranteed, which puts you at risk for identity theft and other personal security breaches. But the opposite relationship isn't always true: personal data can be protected while still not being reliably private.

How? When you swipe your credit card for a service provider, you're doing two things. First of all, you're trusting the service provider and payment system with your personal data protection — to make sure, among other things, shady cybercriminals and other third parties can't access your credit information without your consent. But you're also trusting them to honor your data privacy by not misusing the information even though you provided it to them.

The point is technology alone cannot ensure the privacy of personal data. Most privacy protection protocols are still vulnerable to authorized individuals who might access the data. The burden on these authorized individuals is, above all, about privacy law, not technology.