Privacy Impact Assessments

Current approaches regarding the conduct of privacy impact assessments vary widely, partly because they are considered best practice but are not mandatory under Irish law. Since privacy risks, and the risks of noncompliance with data protection law, are increasing and because data protection impact assessments will be mandatory in certain circumstances from May 2018 when the GDPR comes into force, many organisations who are not familiar with carrying out privacy impact assessments are searching for guidance or templates. For this purpose, the recent publication by the HSE of a privacy impact assessment for the Individual Health Identifier (“IHI”) may be welcome, particularly but not only for those operating in the health sector.

Filter by: