RSK-10
Data Protection Impact Assessment (DPIA)
Description
Mechanisms exist to conduct a Data Protection Impact Assessment (DPIA) on Technology Assets, Applications and/or Services (TAAS) that store, process and/or transmit Personal Data (PD) to identify and remediate reasonably-expected risks.
Control Question
Does the organization conduct a Data Protection Impact Assessment (DPIA) on Technology Assets, Applications and/or Services (TAAS) that store, process and/or transmit Personal Data (PD) to identify and remediate reasonably-expected risks?
Control Metadata
Domain: Risk Management
Validation Cadence: Annual
Evidence Request List: E-PRI-04
Framework Mappings
This control maps to the following compliance frameworks:
APRA CPS234: 21(d)
MAS TRM: 5.1.3, 5.3.3
HKIA GL20: 1.1, 1.2, 1.3, 1.4, 1.5, 2.1, 2.2, 2.3
