How do you know you need such an impact assessment?
Art. 1 of the Decision no. 174 of October 18, 2018 of ANSPDCP imposes on art c) and d) carrying out an impact assessment in particular in the following cases:
c) the processing of personal data for the purpose of systematic large-scale monitoring of an area accessible to the public, such as video surveillance in shopping malls, stadiums, markets, parks or other such spaces
So if you have such a space, it is clear that you need an impact assessment.
d) large-scale processing of personal data of vulnerable persons, in particular minors and employees, through automatic means of monitoring and / or systematic recording of behavior, including in order to carry out advertising, marketing and publicity activities ”.

What if you don’t?
First, according to Art. 83 para. 4 of the GDPR, failure to carry out the assessment amounts to non-compliance, so you risk a fine of up to EUR 10 000 000 or, in the case of a company, up to 2% of the overall turnover.
If you think that ‘ control doesn’t come to us anyway, nobody fines us anyway ‘, we ask you something :
However, if a person – only one of the hundreds, or thousands, who pass through the space you own every day – decides to use their rights, they ask you for information about video cameras … and if you can’t give them, Are you complaining to the Authority?
If you still take a fine, no matter how small, and it is found by the general public? What impact do you think it would have on the image of the institution or company you run or where you work as a DPO? What about you personally?
And even if you weren’t fined, do you really want to live with such thoughts all the time? What if someone complains to me? What if a control comes and we wake up uncovered? Don’t you have other things on your mind?

What do you need to gain from an impact assessment (DPIA)?
- Identifying the possible risks generated by the processing of personal data by using the CCTV system, respectively GPS.
- Establish measures to address these risks to comply with the GDPR (identification of risks, their level and legality of processing) and finally avoid a possible fine.
- Due to the nature of its implications for the protection of personal data, the impact assessment is required to be carried out by a team of GDPR experts (with expertise in both the legal and IT fields).
- Therefore, do not confuse the DPIA with the assessment imposed by LAW 333/2003 on the protection of objectives, assets, values and protection of persons. The latter is a risk assessment of protection physical security , not personal data protection.
- Last but not least , the peace of mind given by the confidence that you have everything in order in the event of a check in this regard.
How long does it take and how much does the impact assessment cost?
The duration and price are mainly influenced by the complexity of the monitoring systems in your company and the volume of data processed. To receive a personalized offer, please contact us.
Our team consists of specialists with 20 years of experience in the IT, legal and legal field, having in their portfolio the implementations carried out by both multinational companies and public institutions and SMEs.
Who we are and why choose us?
We are a team of specialists with over 10 years of experience in management, law, and IT. We are a reliable partner with long-term partnerships with over 800 multinational companies, SMEs, and public institutions, who want to comply with the data protection law, privacy, and personal data of employees, customers, collaborators, and who wish to avoid GDPR fines and sanctions.