Privacy Impact Assessment

Are you worried about privacy?

Whether you’re worried about your own privacy or that of your customers, privacy is a huge concern for everyone. With recent breaches of privacy and the blatant misuse of trust regarding private information (e.g. Cambridge Analytica), many individuals and businesses are scrambling to understand what information they hold and whether it is exposed.

Further to this, the EU has decreed that any organisation, whether it is located within the EU or does business with EU companies, will now be subject to stricter regulatory laws regarding privacy – enter the GDPR (General Data Protection Regulation).

GDPR – General Data Protection Regulation

The General Data Protection Regulation (GDPR) was promulgated by the European Union (EU) to amalgamate data protection for all individuals within the EU, Great Britain, and other specific European-based countries. GDPR replaces the Data Protection Directive 95/46/EC.

The goal of the GDPR is to protect the personal information of all EU citizens/residents by setting standards for the collection, storage, sharing, transferring, processing, and management of various categories of personal information. It also addresses the export of personal information outside the EU. It is designed to standardise data privacy laws across the EU in order to “protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.” With the ever-growing threat of cyber criminals focusing their efforts on stealing personally identifiable information (PII), the GDPR is easily the most important and impactful regulatory scheme adopted by the EU in recent times.

Personal Information is the Focus

GDPR is 100% focused on protecting PII. That is, essentially, any information relating to a Natural Person, referred to as a ‘Data Subject’, that can be used to directly or indirectly identify that person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, or medical information, to a computer IP address.

Privacy concerns such as these, which individuals and companies may have had in the past, have not previously had the spotlight shone on them the way they do now, and furthermore there are now real penalties if a business is found to have been negligent.

It’s not all doom and gloom though. If your business deals with private information – personally identifiable information (PII) of individuals, or corporate information which is deemed sensitive (in a similar context to PII) – then you should consider conducting a Privacy Impact Assessment (PIA). This exercise identifies what is private information and where it resides, giving the business a laser-beam focus on what it needs to protect. It can focus on structured data – data which is known and understood – but it can also focus on unstructured data – data that may be duplicated, reside on a legacy storage device, etc. This way the business can make informed decisions as to how to protect such data.

If your organisation is concerned about privacy, or is required to comply with GDPR, then contact Intact Security today to get more information on what is involved in a Privacy Impact Assessment (PIA).