Abstract
With the GDPR, DPIAs have become mandatory for processing activities that are likely to result in a high risk to the rights and freedoms of data subjects. In the Netherlands, since 2011, DPIAs have been mandatory for the government when drafting new legislation or introducing new systems that imply processing of personal data of citizens. Now, not only the government but also other entities have to conduct DPIAs. The obligation lies with the data controller, but occasionally processors can choose to perform their own DPIAs as well, for instance if they offer standardized services or systems to controllers. This enables controllers to demonstrate more easily that they are in control, while at the same time it saves the processor time and money by avoiding repeated work for several different clients. This contribution gives an overview of the main insights from the practice of DPIAs and the challenges that come with them. Then, the case of hyperscale providers is taken as an example to illustrate challenges, but also to show that DPIAs can be used as a strategic instrument for compliance. Finally, some key messages are shared.
Cite this article
Roosendaal, A. DPIAs in practice – a strategic instrument for compliance. Datenschutz Datensich 44, 166–168 (2020). https://doi.org/10.1007/s11623-020-1244-x
DOI: https://doi.org/10.1007/s11623-020-1244-x