CERRIX Documentation
  • Introduction to CERRIX
  • CERRIX Functionalities
    • Getting Started
    • Using the Dashboard
    • Module Overview
      • Risks
        • AI Risk Description Refinement
        • Budget-based Risk Scoring
      • Controls
        • Design & Implementation (D&I) Testing
        • AI Control Description Refinement
        • Control Execution Tasks
      • Control Advanced Effectiveness Testing
        • Control Advanced Effectiveness Testing Video's
      • Incidents
        • Incidents Standing Data & Emails
        • Creating a New Incident
        • Incidents Workflow
        • Incidents Workspace
        • Incidents Roles & Rights
        • Incidents: Known Issues & Future Improvements
      • Events
      • Business Improvement Management
        • Measures of Improvement (MoIs)
          • Working with MoIs (Measures of Improvement)
        • Findings Report
      • Data Management
      • Third Party Management
      • Key Risk Indicators (KRI's)
  • Admin Settings
    • External Connections
    • AI Settings
    • Authentication & User Provisioning
  • API Documentation
  • Best Practices & Guides
    • Control Design & Implementation, Execution & Effectiveness Testing: What's the Difference?
    • CERRIX AI FAQ
  • Implementation Guide
  • Import Templates
  • About CERRIX
    • Getting Support
    • Release Notes
    • Release Planning
    • Product Strategy & Roadmap
    • Heavy & Light Users
  • Trust & Compliance
    • Strategic Information Security Policy
    • ISO 27001
    • ISAE 3402 Type II
    • Privacy / GDPR
    • Security Statement
    • FSQS Certificate
Powered by GitBook
On this page
Export as PDF
  1. Trust & Compliance

Privacy / GDPR

PreviousISAE 3402 Type IINextSecurity Statement

Last updated 1 day ago

A Data Protection Impact Assessment (DPIA) is a process used to identify and minimize data protection risks in projects or initiatives that involve the processing of personal data, especially when new technologies are involved or when processing could significantly impact individuals' privacy. DPIAs are mandated under regulations like the GDPR when data processing poses high risks to the rights and freedoms of individuals.

Key aspects of a DPIA include:

  1. Purpose: Identifying the need and objectives of processing personal data.

  2. Data Flow Analysis: Mapping out data collection, processing, storage, and sharing practices.

  3. Risk Assessment: Evaluating risks to individuals' privacy, such as unauthorized access, loss, or misuse of data.

  4. Mitigation Measures: Proposing actions to reduce identified risks, like implementing technical safeguards, limiting data access, or anonymizing data where possible.

  5. Documentation and Review: Keeping records of findings and reviewing the DPIA periodically, especially if processing changes.

Our DPIA helps to ensure compliance with privacy laws, demonstrate accountability, and build trust with users by showing a proactive approach to data protection.

289KB
Data Protection Impact Assessment v1.1.pdf
pdf