
General Principles ............................................................................................................... 35
Key Considerations ................................................................................................. 36
Objectives ................................................................................................................. 36
Responsibility ...................................................................................................................... 37
Stakeholder Involvement ................................................................................................... 37
Structure and Form ............................................................................................................. 38
Planning a PIA .................................................................................................................... 39
Preparatory Activities ........................................................................................................ 39
Conduct of the PIA ............................................................................................................. 40
Documentation and Review .............................................................................................. 42
Compliance and Accountability ....................................................................................... 42

Privacy Impact Assessment - Template ................................................................................. 44


I. Project/System Description ....................................................................... 44
a. Description ...................................................................................................... 44
b. Scope of the PIA ............................................................................................. 44
II. Threshold Analysis ................................................................................................ 44
III. Stakeholder(s) Engagement.................................................................................. 45
IV. Personal data Flows............................................................................................... 45
V. Privacy Impact Analysis ....................................................................................... 47
VI. Privacy Risk Management .................................................................................... 51
VII. Recommended Privacy Solutions ........................................................................ 53
VIII. Sign off and Action Plan ....................................................................................... 54

III. Be Accountable: Write your Privacy Management Program and Privacy Manual
Privacy Management Program Guide .............................................................................. 54
Checklist ................................................................................................................................. 63
Privacy Manual Guide ......................................................................................................... 68

IV. Demonstrate your compliance: Implement Privacy and Data Protection Measures ................................................................................................................................. 77
The 10 Point Privacy Accountability and Compliance Framework
Data Privacy Accountability and Compliance Framework ................................................. 77
1. Establishing Data Privacy Governance ....................................................................... 78
2. Privacy Risk Assessment ............................................................................................... 78
3. Preparing Your Organization's Data Privacy Rules .................................................. 79
4. Privacy in Day to Day Data Life Cycle Operations ................................................... 79
5. Managing Personal Data Security Risks ..................................................................... 91
6. Data Breach Management ............................................................................................. 98
7. Managing Third Party Risks ........................................................................................ 99
8. Managing Human Resources...................................................................................... 100
9. Continuing Assessment and Development .............................................................. 103
10. Managing Privacy Ecosystem ..................................................................................... 104

Data Privacy Compliance Guidelines .............................................................................

V. Be prepared for breach: Regularly exercise your Breach Reporting Procedure 106

IV. Demonstrate your compliance:
Implement Privacy and Data Protection Measures
Data Privacy Accountability and Compliance Framework

(The framework is presented in the original as a two-column diagram, items A to Z; it is rendered here as a list, with the sub-items shown under the item they belong to.)

A. Choose a DPO
B. Register
C. Record of Processing Activities
D. Conduct Risk Assessment
E. Privacy Management Program
F. Privacy Manual
G. Privacy Notice
H-O. Data Subject Rights
P. Data Life Cycle
Q. Organizational
R. Physical
S. Technical
   - Data Center
   - Encryption
   - Access Control Policy
T. Data Breach Management
   - Security Incident Policy
   - Incident Response Procedure
   - Breach Documentation
U. Third Parties
   - Legal Basis for Disclosure
   - Data Sharing Agreements
   - Cross Border Transfer Agreements
V. Trainings and Certifications
W. Security Clearance
X. Continuing Assessment and Development
   - Regular Risk Assessment
   - Review Contracts
   - Internal Assessments
   - Review PMP
   - Accreditations
Y. New technologies and standards
Z. New legal requirements
