Inside the compliance with GDPR, the Law establishes a series of requirements and criteria for companies that process personal data. One of these requirements is the preparation of the Personal Data Protection Impact Report – RIDP. This report is intended as a document that must be prepared by the controller whenever the process of processing personal data allows the generation of risks to civil liberties and fundamental rights.
Therefore, the importance of RIDP within the compliance with GDPR, as it is essential to keep records of data processing operations. The report must, at a minimum, contain a description of the types of data collected, the basis for the collection and the methodology used to collect the data. In order to guarantee information security and the controller's analysis regarding the measures adopted by his company, the report must have safeguards and risk mitigation mechanisms adopted.
The RIPD should preferably be prepared at an early stage of the compliance with GDPR, in the program or project that will include data processing. But it can and should also be designed for treatment operations already underway. This practice results in the importance of structuring reliable information security systems that allow automated decisions in your business.
There are other events in compliance with GDPR, which should be considered within the need to develop an RIPD. For example, in the case of the processing of sensitive personal data and the processing of data on children and adolescents, which require preventive action to mitigate risks and justify the need to prepare an Impact Report. More than a document, the RIPD is a process composed of several steps aimed at evaluating and managing risks related to project privacy.
Get in touch with TATICCA – ALLINIAL GLOBAL, which has a qualified and experienced multidisciplinary team, tools and methodology for consulting on LGPD and also implementation, in an objective and assertive way, with: guidance and training, diagnosis, analysis of employee contracts, analysis of supplier contracts, analysis of internal policies, analysis of contracts for the provision of services or sale of products, adaptation of contracts serving LGPD, data mapping, implementation of the service channel, elaboration of a privacy policy, pre-formatted documentation with all the requirements of the LGPD.