Regulation states that Privacy Impact Assessment is the first step of a company’s security strategy, that consequentially enhances the analysis of risks related to personal data processing and security measures adopted to protect information.
More than setting specific security measures, the Regulation requires the Controller to implement organizational and technical processes to identify, reduce and mitigate risks that threaten personal information.
Into this section you will find organizational and technical actions appropriate for the specific processing activity and assessed considering also costs of implementation.