What does a Data Protection Impact Assessment reviewed by the German Federal Data Protection Authority look like?
https://www.coronawarn.app/assets/documents/cwa-datenschutz-folgenabschaetzung.pdf
Interesting sections from the document structure:
- information on the organisation (with privacy team setup)
- necessity of the DPIA
- description of processing activities (evaluation target), with
- context
- purpose
- process steps
- system architecture
- data flows and processes
- data categories
- data deletion
- actors involved in the processing
- additional documents
- consideration of stakeholders’ views
- legal privacy assessment
- categories of personal data
- legal grounds
- data subject rights
- privacy-by-design measures
- other privacy requirements
- assessment of the necessity and proportionality of the processing
- risk analysis
- continuous privacy reviews