The Data Protection Impact Report (DPIR) , also known as the Data Protection Impact Assessment (DPIA) , is a fundamental document in which companies demonstrate all the personal information they collect, process, use and share. As well as the measures adopted to mitigate risks that may affect the civil liberties and fundamental rights of the holders of this data.
The mandatory nature (or not) of preparing the RIPD is linked to the risks that the company’s data processing activity poses.
Furthermore, the preparation of the RIPD constitutes good practice on the part of the organization to reduce the risks involved in a given personal data processing operation.
In what context does the ANPD recommend that the RIPD be prepare?
As a general rule, the preparation of the whatsapp data is in any context. Which personal data processing operations may generate a high risk to the guarantee of the general data protection principles provided for in the LGPD. However, the LGPD also lists some other specific situations in which the RIPD may by the ANPD, see below:
- In data processing operations carried out for the exclusive purposes of public security, national defense, State security or activities involving the investigation and repression of criminal offenses (art. 4, § 3);
- When the processing is based on the hypothesis of legitimate interest (art. 10, § 3);
- For Public Authorities, including determination regarding the publication of the RIPD (art. 32);
- For controllers in general, regarding their processing operations, including those involving sensitive personal data (art. 38).
When is it necessary to prepare the Data Protection Impact Report?
It is recommended that the controller ugc media grid: showcase instagram photos and videos on your shopify store the RIPD before starting to process personal data for a specific purpose. In this way, the controller will be able to understand what problems may arise in advance and identify the likelihood of each risk factor occurring. In addition to its impact on the fundamental freedoms and rights of the data subjects. Thus, adopting mitigation measures and mechanisms appropriate to the hypothesis.
The RIPD has been prepare, what now?
After preparing the Data Protection cmo email list Report, the controller must assess the feasibility of continuing with the personal data processing processes that led to the creation of the report or determine whether it is necessary to make modifications to the way of processing.
The data controller will follow the recommendations of the RIPD. Especially those that the controller has adopted regarding the implementation of measures, safeguards and risk mitigation mechanisms.
