Impact assessment

Impact assessment

Impact assessment of CCTV / GPS monitoring systems on the protection of personal data – DPIA ( Data Protection and Impact Assessment)

Request a personalized offer

How do you know you need such an impact assessment?

Art. 1 of the Decision no. 174 of October 18, 2018 of ANSPDCP imposes on art c) and d) carrying out an impact assessment in particular in the following cases:

c) the processing of personal data for the purpose of systematic large-scale monitoring of an area accessible to the public, such as video surveillance in shopping malls, stadiums, markets, parks or other such spaces

So if you have such a space, it is clear that you need an impact assessment.

d) large-scale processing of personal data of vulnerable persons, in particular minors and employees, through automatic means of monitoring and / or systematic recording of behavior, including in order to carry out advertising, marketing and publicity activities ”.

What if you don’t?

First, according to Art. 83 para. 4 of the GDPR, failure to carry out the assessment amounts to non-compliance, so you risk a fine of up to EUR 10 000 000 or, in the case of a company, up to 2% of the overall turnover.

If you think that ‘ control doesn’t come to us anyway, nobody fines us anyway ‘, we ask you something :

  • However, if a person – only one of the hundreds, or thousands, who pass through the space you own every day – decides to use their rights, they ask you for information about video cameras … and if you can’t give them, Are you complaining to the Authority?

  • If you still take a fine, no matter how small, and it is found by the general public? What impact do you think it would have on the image of the institution or company you run or where you work as a DPO? What about you personally?

  • And even if you weren’t fined, do you really want to live with such thoughts all the time? What if someone complains to me? What if a control comes and we wake up uncovered? Don’t you have other things on your mind?

What do you need to gain from an impact assessment (DPIA)?

  • Identifying the possible risks generated by the processing of personal data by using the CCTV system, respectively GPS.
  • Establish measures to address these risks to comply with the GDPR (identification of risks, their level and legality of processing) and finally avoid a possible fine.
  • Due to the nature of its implications for the protection of personal data, the impact assessment is required to be carried out by a team of GDPR experts (with expertise in both the legal and IT fields).
  • Therefore, do not confuse the DPIA with the assessment imposed by LAW 333/2003 on the protection of objectives, assets, values and protection of persons. The latter is a risk assessment of protection physical security , not personal data protection.
  • Last but not least , the peace of mind given by the confidence that you have everything in order in the event of a check in this regard.

How long does it take and how much does the impact assessment cost?

The duration and price are mainly influenced by the complexity of the monitoring systems in your company and the volume of data processed. To receive a personalized offer, please contact us.

Our team consists of specialists with 20 years of experience in the IT, legal and legal field, having in their portfolio the implementations carried out by both multinational companies and public institutions and SMEs.

Request a personalized offer

How is the actual evaluation carried out?

1. We analyze the risks of the CCTV / GPS system on data protection.

Here we audit from the decision of the management of the system installation and the contract with its supplier, to the provisions that are required regarding the CCTV / GPS system in the internal regulations (ex ROI) and the employment contracts.

2. Check the system on the spot.

That is, we come to you – anywhere in the country – to see how and where the rooms are mounted and oriented. During this visit you will also receive a concrete set of compliance measures.

3. We develop the policies of the monitoring system

If you already have such policies, we will review them and propose the necessary changes, if any. If you don’t have them, we’ll work them out from scratch to make sure you get everything right.

4. Preparation of the final evaluation report

At the end of the evaluation you will receive this written report which includes all the elements analyzed, the conclusions – ie the risks discovered and their implications – and concrete proposals for action to be taken in order to limit the impact, respectively the corresponding compliance with the GDPR.

REQUEST A PERSONALIZED OFFER

Who we are and why choose us?

We are a team of specialists with over 10 years of experience in management, law, and IT. We are a reliable partner with long-term partnerships with over 800 multinational companies, SMEs, and public institutions, who want to comply with the data protection law, privacy, and personal data of employees, customers, collaborators, and who wish to avoid GDPR fines and sanctions.

Conf. Dr. Nicolae Ploiesteanu

Conf Univ Dr Nicolae Ploeșteanu
GDPR Expert – Legal

Hilda Șumălan

GDPR Expert – Legal

Dan Gurghian

GDPR – IT consultant

Anca Suciu

Anca Suciu

GDPR Marketing

Ionel Orza DPO

Ionel Orza

Project Manager-DPO

Ionela Avram

DPO Specialist

Darius Farcas

DPO instructor

Maria Enea

Lawyer

Ruxandra Săplăcan - GDPR Specialist

Ruxandra Săplăcan

GDPR Specialist

Our vision: we want to change the mentality about GDPR compliance in Romania, to raise the level of professionalism and to align it with European standards, by offering the highest quality services, with friendship, honesty, integrity and with the pride that we are part of a team of data protection professionals.

Media appearances

  • GDPRComplete in Truth
  • GDPRComplete in the National Courier
  • GDPRComplete in Financial
  • GDPRComplete in Freedom
  • GDPRComplete in Live Newspapers
  • GDPRComplete in Suceava News
  • GDPRComplete in Media Radar
  • GDPRComplete in Mamprenoare