342·0852

data protection impact assessment

/ˈdeɪtə prəˈtɛkʃən ˈɪmpækt əˈsɛsmənt/ - n.

1 [colloq.] An assessment performed before the activity begins, scheduled three weeks after the activity began.Keep. Punchy.This is the problem.

Working definition

2. A structured analysis of privacy risks for a high-risk processing activity, performed before that activity begins.

Evidence

See also

compliance attestationA signed affirmation that the controls work, dated the same week three of them were turned off for the migration.
lawful basisThe ground selected after processing begins, by choosing whichever one the activity already happens to fit.
privacy by designA principle implemented, in practice, as privacy by retrofit, two sprints after the feature shipped.
purpose limitationThe requirement that the stated purpose be broad enough to cover any future purpose nobody has thought of yet.