
Measuring Privacy - How to Compute the DPIA Threshold

submitted by
Style Pass
2021-06-07 10:00:04

Companies collect data from people (their users, their employees, etc.). Some of this data can be used to trace (and target) individuals, and inevitably, no matter how much care is taken in protecting that data, there will be incidents and breaches, leading to that personal information being corrupted, destroyed or accessed by unauthorised (and potentially malicious) parties.

This is the main problem data protection laws (such as GDPR in the EU or LGPD in Brazil) aim to solve. They require companies to outline why they collect data, from whom, who can access it, and how it is protected. They ask companies to clarify that information to people who ask for it (and to delete such information if someone requests that). For “high-risk” data processing activities, they even require companies to outline precisely the risks of potential incidents (data leaks, fire in paper archives, etc.), the severity of the consequences of such incidents (who is affected and how much their privacy is compromised), and to establish that they are taking appropriate measures for mitigating those risks. This last requirement is typically referred to as a “Data Protection Impact Assessment”, DPIA for short.

Conducting a DPIA for any data processing activity can be a particularly daunting task. This is why regulations typically only require a DPIA for “high-risk” data processing activities, though a company can also choose to conduct one for lower-risk activities for further safety (for example, here you can find the criteria for high-risk activities in GDPR). This means, however, that companies must conduct a “threshold analysis” for all their data processing activities, to be able to identify the activities that are, in fact, “high-risk” and need a proper DPIA. This practice, in turn, is commonly referred to as DPIA Threshold Analysis.
