graphgrc

SCF - RSK-10 - Data Protection Impact Assessment (DPIA)

Mechanisms exist to conduct a Data Protection Impact Assessment (DPIA) on systems, applications and services that store, process and/or transmit Personal Data (PD) to identify and remediate reasonably-expected risks.

Mapped framework controls

GDPR

• Art 35.11
• Art 35.1
• Art 35.2
• Art 35.3
• Art 35.6
• Art 35.8
• Art 35.9
• Art 36.1
• Art 36.2
• Art 36.3

ISO 27002

• A.5.33

SOC 2

• CC3.2
• CC5.2
• PI1.1

Control questions

Does the organization conduct a Data Protection Impact Assessment (DPIA) on systems, applications and services that store, process and/or transmit Personal Data (PD) to identify and remediate reasonably-expected risks?

This site is open source. Improve this page.