Privacy Impact Assessment
By:
gwi.digital
Are you adequately managing privacy risks? It’s more than a compliance exercise.
Overview
Privacy Impact Assessment
A Privacy Impact Assessment (PIA) is an integral part of the project planning process. It identifies the impact that a project may have on the privacy of individuals and sets out recommendations for managing, minimising, or eliminating that impact. Privacy issues that are not adequately addressed can result in harm to customers and stakeholders (e.g. financial or reputational damage), non-compliance with privacy laws, loss of credibility and trust in your organisation, and undermine your project’s success.
GWI can help you to identify problems early, when it is easier and cheaper to address them.
A Proactive Approach
GWI adopts the internationally recognised Privacy by Design (PbD) framework to help our clients build good privacy practices into the design and development of systems, processes, and decision-making that involve the use or disclosure of personal information.
PbD enables a shift from a compliance/reactive approach to privacy management, to a proactive and preventative approach, minimising information systems’ privacy risks through technical and governance controls, ultimately supporting increased public trust. It ensures that privacy is considered at all stages of an initiative. GWI works across all Australian jurisdictions and is familiar with the guidance provided by each government’s guidance and templates.
High Level Approach
GWI delivers PIAs using a four-step process
- Engage with key stakeholders to understand the personal and/or sensitive information involved in a project.
- Analyse the information/data flows to enable the identification of risks, considering the legislative context and impacted individuals.
- Design a strategy to minimise identified risks. Document the privacy impact assessment process and outcomes.
- Incorporate client input and finalise for implementation.
Sizing and Scaling
Our PIA offering is sized and scaled based on several dimensions including:
- Application/platform size and complexity - are we dealing with a single standalone application/platform, a single application/platform with limited integration or multiple integrated applications/platforms ?
- Data flows - how many data flows are involved - up to 6, 6-12 or 12+ ?
- Data points - how many data points are involved - limited but known number of personal information data points, limited but unknown # of personal information data points or personal information not well understood or documented ?
- Legislation - single jurisdiction (State or Territory), national (Australia) or international ?
About Us
GWI is experienced in assessing privacy risks within complex regulatory, legislative and technology environments involving the collection, transfer, handling, access and storage of sensitive and personal information.
We have a detailed understanding of the privacy obligations impacting our clients. We have privacy subject matter experts with internationally recognised certifications. GWI understands the critical intersection of privacy with data ethics, data security and governance.
Our consultants have extensive experience navigating privacy and data protection legislation and regulations, including impending reforms at the federal level. We have helped public and private sector clients to develop their privacy maturity and capability.
Our work is underpinned by rigorous internal processes that meet applicable international standards, including ISO 9001.
| Sold by | gwi.digital |
| Categories | |
| Fulfillment method | Professional Services |
Pricing Information
This service is priced based on the scope of your request. Please contact seller for pricing details.
Support
A gwi.digital delivery manager will work with you to coordinate implementation and execution of the Privacy Impact Assessment package.
We offer extended business hours support via:
- phone 1300 494 344 (Australia)
- phone 0800 494 344 (New Zealand)
- email support@gwi.digital