The PIA concept from directive 95/46 to the current draft of the EU – Conclusion

Friday July 31st, 2015

In two previous posts, I presented some ideas for planning and executing the PIA process and report.

Risk assessment is a very useful tool for management decisions. Unfortunately, some people promote overly complex risk assessment methods that do not help any management decision; they only increase the time and effort needed for analysis and do not follow the KISS principle.

Hopefully such interpretations, which lead to useless complexity, will not be supported in the future, but today we need to counter them by promoting simple but effective methods.

Thanks to Alessandro Cosenza of BTicino, who gave me some of the links presented in these articles.


About Cesare Gallotti

More than 15 years of experience in information security and IT process management. Italian representative in ISO/IEC SC 27 WG1 international meetings for writing the ISO/IEC 27000 standard family. Activities in Italy, Europe, Asia and Africa, for companies of various sizes and market sectors. Consultancy, training and audit for: information security, quality, compliance with legal requirements (Personal Data Protection, SOX, etc.), compliance with international standards (ISO 9001, ISO/IEC 27001, ISO/IEC 20000, ISO 22301, etc.), and process improvement.
