The Next Generation PIAs

This framework is the latest in Nymity’s ongoing thought-leadership research in accountability. It is a next generation approach to Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIA) which is called an Accountability PIA Framework. The core of the approach works on a simple premise: both PIAs and organisational accountability have the same purpose - they mitigate privacy risk and address compliance. So, why can’t organisational efforts in accountability be leveraged in a PIA? This paper argues that it can and provides a framework for doing so.

The Framework extends the functionality and value of a PIA well beyond the traditional PIA in use today. It delivers:

  • benefits to individuals;
  • higher assurances that risk is mitigated effectively; and
  • if subject to GDPR, produces your Article 30 records of processing activities.

GDPR Ready
Section 5, 6, and 7 address
GDPR Article 30 Records of processing activities and Article 35 Data protection impact assessments

Also, this next generation Framework enables PIAs:

  • to make better use of resources; and
  • be much more scalable.

Finally, for the business, it:

  • enables more processing of personal data; and
  • provides evidence of compliance.

In short, the Accountability PIA Framework has better outcomes for both individuals and the organisation. The paper has 7 sections:

  1. Challenges with the Traditional Approach to PIAs
  2. The Overlap between Accountability and PIAs
  3. Accountability PIA Framework
    • Step 1: Benefits to Individuals
    • Step 2: Remediate Risk using Accountability Mechanisms
    • Step 3: Effectiveness Assessments
  4. The Outcomes: Better Risk Mitigation and Demonstrable Compliance
  5. Accountability and DPIAs in the GDPR
  6. Example Article 30 and Article 35 Reports
  7. The Power of Structured Accountability for GDPR Compliance

Appendix A: Why the Timing is Right for the Next Generation of PIAs: Accountability PIA Framework

Supporting Solutions:

Nymity ExpertPIA™

Enables GDPR compliant projects/processes and produces Records of Processing Activities Data Inventory, regulatory data mapping, PIAs and DPIA reports. Learn more

Nymity Templates™

Enables the rapid deployment of expert accountability mechanisms and helps ensure ongoing compliance without restricting business. Find out more with the Nymity Templates™ – Learn more

GDPR Solutions
How Nymity Can Help

Nymity's GDPR Solutions


© 2002-2018 Nymity Inc. All Rights Reserved