This document gives guidelines for It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.
SFS Suomen Standardit is responsible for the preparation of this publication in Finland, tel. 09 149 9331.
Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Preparing the grounds for PIA
5.1 Benefits of carrying out a PIA
5.2 Objectives of PIA reporting
5.3 Accountability to conduct a PIA
5.4 Scale of a PIA
6 Guidance on the process for conducting a PIA
6.1 General
6.2 Determine whether a PIA is necessary (threshold analysis)
6.3 Preparation of the PIA
6.4 Perform the PIA
6.5 Follow up the PIA
7 PIA report
7.1 General
7.2 Report structure
7.3 Scope of PIA
7.4 Privacy requirements
7.5 Risk assessment
7.6 Risk treatment plan
7.7 Conclusion and decisions
7.8 PIA public summary
Annex A Scale criteria on the level of impact and on the likelihood (informative)
Annex B Generic threats (informative)
Annex C Guidance on the understanding of terms used (informative)
Annex D Illustrated examples supporting the PIA process (informative)