The General regulations on data protection (RGPD) provides that the responsible law enforcement and processing of personal data are required to do an analysis of risks and to introduce the necessary steps to ensure the rights and freedoms of others. In addition, if this analysis confirms the existence of a high risk to data protection, also required to carry out an impact assessment (EIPD).
To facilitate the fulfilment of these obligations, the spanish data protection agency has created Manages _ EIPD , a free tool designed to help companies and administrations to carry out data treatments of high risk to a risk analysis and impact assessments. You can also be a useful resource for smes that have to put into practice a EIPD.
The AEPD account in its web page list that includes data treatments which requires an impact assessment, as stated in the RGPD. This list is complemented by another list of treatment in which it does not require a EIPD .
Manages _ EIPD is meant as an online questionnaire, which has an impact on what needs to be taken into account both in the analysis of risks and impact assessments in the protection of personal data. The process, in which the agency retains neither monitors any data, results in basic documentation that serves as a starting point to start with the analysis and risk management and that will assist the perpetrator to comply with rules and LOPDGDD.
This minimum documentation is not only help in achieving the standards, but also sets out actions that can help to reduce or mitigate the risks of treatment. However, the agency emphasizes that, in any case, the requirements could be replaced by alternative measures of technical or organizational. For more information, please see the List of elements for the current legislation the RGPD.
It is important to emphasise that this basic documentation must be completed and discussed by the person responsible for treatment and, where appropriate, the person responsible for processing, follow the directions set out in the Practical guide for impact assessments to the protection of personal data .
Manages _ EIPD joined the list of resources that the AEPD made available to the organizations to help fulfil the data protection rules, including Facilitates _ RGPD , created to companies and professionals who treat personal data of low risk. Since its launch in september 2017 had 800,000 accesses and almost 200,000 companies have minimum obtained the documents to facilitate public compliance with the laws.