Following best practices in Privacy Impact Assessments

Abstract

Europe’s proposed Data Protection Regulation is expected to make data protection impact assessment (DPIA) mandatory, a development that could impact hundreds of thousands of organizations (both governmental and private sector) in Europe, as well as non-European entities offering their wares and services there. This article reviews the DPIA provisions outlined in the new regulation. For the nuts and bolts of a privacy impact assessment (PIA) methodology, Europe could select features from the PIA methodologies used in Australia, Canada, Ireland, New Zealand, the United Kingdom, and the United States, the countries with the most experience in PIA. A European Commission (EC)-funded project, called PIAF, reviewed these various methodologies and proposed an “optimized” PIA for Europe (and elsewhere) based on the best practices of the aforementioned countries. Based on these best practices, this article outlines a 16-step PIA process. It argues that while some organizations may regard a PIA as a hassle, in fact, a PIA offers many benefits, as spotlighted in the article.

Authors

Kush Wadhwa and David Wright, Privacy Laws & Business United Kingdom Report, Issue 71, pp. 14-16, January 2014.

Date Published

January 1, 2014
