On June 21st, 23rd and 25th, ANPD will hold technical meetings on the topic “Personal Data Impact Assessment”, live, always at 10 am on ANPD’s YouTube channel.
The event will be divided into three panels, where experts will address topics such as: “How should ANPD evaluate a data protection impact assessment presented by the processing agent” and “How the commercial or industrial secret may limit the content of a data protection impact assessment?”.
An important initiative of the agency, which has as one of its missions to bring together all public and private actors in building a culture of Privacy and Data Protection in Brazil.
Previously, it is important to understand that the impact assessment issued is a privacy risk management tool. Thus, fulfilling the function of demonstrating that the Controller assessed the risks in the operations of processing personal data and adopted measures to mitigate them.
The impact assessment has a legal provision in article 5, item XVII, of the LGPD, defined as:
“Controller documentation that contains the description of the processes for processing personal data that may create risks to civil liberties and fundamental rights, as well as measures, safeguards and risk mitigation mechanisms;”
Thus, among the many points required by the LGPD, the – Data Protection Impact Assessment – DPIA, stands out as the instrument used by the controller in cases where the processing of personal data can generate risks to civil liberties and fundamental rights holders, serving as a tool to identify measures, safeguards and risk mitigation mechanisms.