Privacy impact assessment (PIA)
With your vendors’ answers in hand, an analyst evaluates data privacy, access, and governance risks. This part of the assessment addresses privacy controls aligned with Generally Accepted Privacy Principles (GAPP), GDPR, and state privacy regulations. Our PIA includes review of:
- GDPR core information context: review and discovery of controller and processor responsibilities.
- Sharing practices: review of how data is shared and transmitted.
- Data in the system: review of data collected, sources, technologies, etc.
- Notification of use: review of notice practices, use of opt-in/out, and use of consent.
- Data use and accuracy: review of uses and collection practices.
- Access to data: review of retention schedules, disposal procedures, privacy training, access to the system, access controls, etc.