Privacy Impact Assessment

We help your organization design and implement Privacy Impact Assessment.

What is PIA ?

PIA is a terminology adopted by privacy authorities or regulations such as the followings:

• General Data Protection Regulations (GDPR) from European Union (EU),
• Personal Data Privacy Ordinance (PDPO) Hong Kong’s Office of the Privacy Commissioner for Personal Dat (PCPD).

It is generally regarded as a privacy risk assessment process that evaluates an implementation or an operation involving personal data, in term of its impact upon personal data privacy with the objective of avoiding or minimizing adverse impacts.

PCPD proposes a full set of guidelines in privacy assessment. Organizations including HKSARG Departments are required to adhere to PDPO and to conduct privacy assessment if information processing project has significant privacy implications. Assessment includes the followings:

Privacy Impact Assessment (PIA) aims to identify the level of privacy impact of an existing operation or implementation. It consists of the following components:

• Data Processing Cycle Analysis
• Privacy Risk Analysis
• Risk Mitigation Recommendation
• PIA Reporting

Privacy Compliance Assessment (PCA) aims at assessing and evaluating the level of privacy compliance with the PDPO, in particular the Six Data Protection Principles (DPP)s:

• DPP1 Purpose and Manner of Collection
• DPP2 Accuracy and Duration of Retention
• DPP3 Use of Data
• DPP4 Data Security
• DPP5 Openness and Transparency
• DPP 6 Access and Correction