DPIA

A DPIA (Data Privacy Impact Analysis) and GDPR (General Data Protection Regulation, or AVG) by design require the Controller – PNO – to analyze the flow of Personal Data and take technical and/or organizational measures so that the processing stays within the GDPR boundaries. Personal Data flows from the Data Subject to the Controller and from there optionally to (sub-)Processor(s).
– For PNO the generic processing chain is
‘Data Subject – Client – PNO – Processors – Sub-processor … Hosting company’.
– For the PNO WBSO application, the chain is
‘Data Subject – Client – PNO – Hosting company’ or even
‘Data Subject – Client – PNO’ because PNO hosts the WBSO application themselves.
– For

Sub pages
– DPIA WBSO-tool (the Netherlands)
– DPIA ESF Tool (Current version 2022 08 01 – in 2023 new one)
– DPIA PNO Urentool (Postponed)
– DPIA FZ Tool (Germany; postponed)
– DPIA FZ Tool (France; postponed)

A GDPR light consists of answers to the issues below:

  • What (personal) data (owned by the Data Subject)
  • Are mailing lists/audio/video/participant lists at hand
    (Check Technical and Organizational Measures)
  • Does a client’s procurement policy apply
  • Organization consent for use given/archived
  • Does Data Subject acknowledge Privacy Statement
  • Does Data Subject acknowledge Cookie Policy
  • Does Data Subject acknowledge Netiquette
  • Where are data stored/processed (within the EEA)
  • Is access to Personal Data limited within PNO
  • Is the host ISO 27001 certified
  • How are data transmitted
  • What data is shared with whom
  • What period(s) apply (project length, tax laws, etc.)
  • How are data anonymized
  • How are data cleansed
  • How/when are data cleaned up/destroyed/given back
  • How can the Data Subject exercise their rights
  • Does the Privacy Statement cover all data at hand (frequently overlooked)
  • Does the Cookie Policy cover all data at hand
  • Is there a need for a Processing Agreement
  • What technical and/or organizational measures are needed