Privacy is hot
Consumers are embracing digital, and organisations are moving quickly to follow the demands of their customers, even taking the lead in offering new solutions that serve their customers' needs. Due to this change in behaviour, a massive amount of personal data is being processed within the numerous applications of these organisations. At the same time, consumers and businesses are becoming aware of their privacy rights. Is the private data they provide also being used for other purposes? (Social) media are eager to report on privacy issues. Reputation is at stake.
Be aware of new regulation. The European Union's new General Data Protection Regulation (GDPR) comes into effect in May 2018. Organisations that handle personal data from EU citizens (customers or employees) must comply with this regulation. It is mandatory, and regulatory authorities can fine organisations, with the highest levels being 20 million euro or 4% of global turnover.
A Privacy Impact Assessment (PIA) is a method to identify and reduce the privacy risks of your organisation. A requirement of the GDPR is to conduct a PIA prior to the processing of personal data if the nature or scope of the processing involves a high risk to the individual. In our experience we see three types of PIA.
To support you in this GDPR challenge, Capgemini Consulting has developed a proven, comprehensive methodology and USoft the underlying SMART PIA tooling.
The SMART PIA module is part of the SMART Privacy & Security Framework of USoft and contains several types of assessments. The whole idea behind SMART PIA is that organisations can configure their own way of working with the software. The default implementation is based on three steps.