Data Protection Impact Assessment


Know how to deal with privacy-sensitive data.

There is an increasing trend of automation, digitalization, and more analysis and use of data as part of cloud computing, mobile communication, social media, etc. The more services, data and information get digitalized and integrated into applications that are accessible via the Internet or internal networks, the bigger certain privacy risks become.

Globally, there are more and more (cyber) incidents involving digital networks and systems, including data leaks, with increasing impact and damage to organizations. Regulators, in Europe but also globally, are attempting to address this problem.

European Data Protection Reform has been underway since 2012. Recently the European Commission and Parliament adopted the new General Data Protection Regulation, which will be binding law for all EU member states and emphasizes the importance of privacy and effective privacy protection.

  • Are you aware which privacy-sensitive data your organization gathers or uses?
  • Do you know the impact if privacy data are lost or fall prey to a cyber-criminal?
  • Do you know what your legal obligations are, and what to do to comply with those?

What does this mean?

Organizations are held to high standards to carefully gather and use personal data, in compliance with legal rules and obligations. The organization is primarily responsible for this, even when an incident occurs with a third party, such as a cloud provider.

Organizations are expected to apply due care and to adequately estimate and mitigate privacy risks when they introduce (new) technologies, services and products. A number of activities can contribute to this effort, such as ‘privacy-by-design’: integrating privacy-enhancing measures early on.

Another important activity, which in more and more cases is becoming mandatory, is performing a privacy impact assessment (PIA). A PIA is an assessment of privacy risks and impact. With the insight obtained, organizations can take timely measures to mitigate privacy risks.

How can UL help?

Establishing a healthy balance between the use of personal data and privacy protection is a big challenge. UL helps by providing insight into privacy risks and impact through a PIA. UL starts by looking at the impact of the introduction of a new system or product, by analyzing which and what type of data are being gathered or used, where data are located and who has access to data, etc.

UL integrates existing PIA models into a pragmatic approach, in which we consider all relevant privacy (legal) obligations, principles and measures. UL evaluates the purpose of personal data use, protection levels and measures, and opportunities to limit data use. UL advises which (additional) privacy measures can be taken, for example concerning data access control.

UL brings deep technical information security expertise. We can provide you with detailed insight into data protection mechanisms, such as those linked to identification, authentication and authorization processes, and encryption techniques (including PKI encryption).