ISO/IEC 29134
Information technology - Security techniques - Guidelines for privacy impact assessment
Overview
Provides guidelines for a process to assess privacy impacts and treat privacy risks. Directly supports GDPR Article 35 DPIA requirements with methodology for identifying and mitigating privacy risks in processing operations.
Applicability
Data Protection Impact Assessments (DPIAs) required by GDPR Article 35
Relevance to General Data Protection Regulation (GDPR)
Essential for GDPR Article 35 DPIA compliance - provides methodology and documentation framework
Key Coverage Areas
Standard Sections & Chapters
Privacy impact assessment process
Privacy risk identification
Privacy risk assessment
Privacy risk treatment
DPIA report template
Examples of processing requiring DPIA
Related General Data Protection Regulation (GDPR) Articles
Article 25: Data protection by design and by default
Privacy impact assessment in design phase
Implementation Guidance:
Conduct DPIA during system design to identify and mitigate privacy risks
Article 35: Data protection impact assessment
DPIA methodology and process
Implementation Guidance:
Conduct DPIAs for high-risk processing using ISO 29134 methodology including risk assessment, treatment, and documentation
Mapped Obligations:
- Conduct a Data Protection Impact Assessment (DPIA) before high-risk processing activities
- Perform DPIA for automated decision-making, large-scale processing of sensitive data, or systematic monitoring of public areas
- Follow supervisory authority lists of processing requiring or not requiring DPIAs
- Review and update the DPIA when risks change
Quick Information
- Organization: ISO/IEC
- Category: Privacy Assessment
- Certification: Not available