Impact assessment

Impact assessment

Impact assessment of CCTV / GPS monitoring systems on the protection of personal data – DPIA ( Data Protection and Impact Assessment)

If you have any questions, please contact us!

We are happy to help:

Dan Gurghian

Data protection expert

Project Manager & DPO

How do you know you need such an impact assessment?

Art. 1 of the Decision no. 174 of October 18, 2018 of ANSPDCP imposes on art c) and d) carrying out an impact assessment in particular in the following cases:

c) the processing of personal data for the purpose of systematic large-scale monitoring of an area accessible to the public, such as video surveillance in shopping malls, stadiums, markets, parks or other such spaces

So if you have such a space, it is clear that you need an impact assessment.

d) large-scale processing of personal data of vulnerable persons, particularly minors and employees, through automatic means of monitoring and systematic recording of behavior, including advertising, marketing, and publicity activities ”.

What if you don’t?

First, according to Art. 83 para. 4 of the GDPR, failure to carry out the assessment amounts to non-compliance, so you risk a fine of up to EUR 10 000 000 or, in the case of a company, up to 2% of the overall turnover.

If you think that ‘ control doesn’t come to us anyway, nobody fines us anyway ‘, we ask you something :

  • However, if a person – only one of the hundreds, or thousands, who pass through the space you own every day – decides to use their rights, they ask you for information about video cameras … and if you can’t give them, Are you complaining to the Authority?

  • If you still take a fine, no matter how small, and it is found by the general public? What impact would it have on the image of the institution or company you run or where you work as a DPO? What about you personally?

  • And even if you weren’t fined, do you want to live with such thoughts all the time? What if someone complains to me? What if a control comes and we wake up uncovered? Don’t you have other things on your mind?

What do you need to gain from an impact assessment (DPIA)?

  • Identifying the possible risks generated by the processing of personal data by using the CCTV system, respectively GPS.
  • Establish measures to address these risks to comply with the GDPR (identification of risks, their level, and legality of processing) and finally avoid a possible fine.
  • Due to the nature of its implications for the protection of personal data, the impact assessment is required to be carried out by a team of GDPR experts (with expertise in both the legal and IT fields).
  • Therefore, do not confuse the DPIA with the assessment imposed by LAW 333/2003 on the protection of objectives, assets, values and protection of persons. The latter is a risk assessment of protection Physical security , not personal data protection.
  • Last but not least , peace of mind is given by the confidence that you have everything in order in the event of a check in this regard.

How long does it take, and how much does the impact assessment cost?

The monitoring systems’ complexity mainly influences your company’s duration and price and the volume of data processed. To receive a personalized offer, please contact us.

Our team consists of specialists with 20 years of experience in the IT, legal and legal field, having in their portfolio. The implementations are carried out by multinational companies, public institutions, and SMEs.

How is the actual evaluation carried out?

Here we audit from the system installation management and the contract with its supplier to the provisions that are required regarding the CCTV / GPS in the internal regulations (ex ROI) and the employment contracts.

That is, we come to you – anywhere in the country – to see how and where the rooms are mounted and oriented. During this visit, you will receive a concrete compliance measure set.

If you already have such policies, we will review them and propose the necessary changes. If you don’t have them, we’ll work them out from scratch to ensure you get everything right.

At the end of the evaluation, you will receive this written report which includes all the elements analyzed, the conclusions -i.e., the risks discovered and their implications – and concrete proposals for action to be taken to limit the impact, respectively, the corresponding compliance with the GDPR.

Who we are and why choose us?

We are a team of specialists with over 10 years of experience in management, law, and IT. We are a reliable partner with long-term partnerships with over 800 multinational companies, SMEs, and public institutions, who want to comply with the data protection law, privacy, and personal data of employees, customers, collaborators, and who wish to avoid GDPR fines and sanctions.

Conf. Dr. Nicolae Ploiesteanu

Conf Univ Dr Nicolae Ploeșteanu
GDPR Expert – Legal

Hilda Șumălan

GDPR Expert – Legal

Dan Gurghian

GDPR – IT consultant

Anca Suciu

Anca Suciu

GDPR Marketing

Ionel Orza DPO

Ionel Orza

Project Manager-DPO

Ionela Avram

DPO Specialist

Darius Farcas

DPO instructor

Maria Enea

Lawyer

Laurențiu Rîcu

Laurențiu Rîcu
Physical Security Risk Assessment Specialist

Ruxandra Săplăcan - GDPR Specialist

Ruxandra Săplăcan

GDPR Specialist

Our vision: we want to change the mentality about GDPR compliance in Romania, to raise the level of professionalism and to align it with European standards, by offering the highest quality services, with friendship, honesty, integrity and with the pride that we are part of a team of data protection professionals.