Data Protection Impact Assessment

caso valutazione protezione dati personali

Fund for Training and Income Support for Temporary Workers

The ICT& PRIVACY Area and the DPO requested MACFIN’s support to conduct a Data Protection Impact Assessment (“DPIA“).

In the context of personal data processing managed by the Fund in its capacity as Data Controller, the DPIA was aimed at assessing the necessity and proportionality, as well as the related risks for the data subjects, in order to prepare suitable measures to address them.


Identify and analyze

processing that may present potentially high risks to data subjects (e.g., sensitive data, evaluative, large-scale processing, etc.)

Review risks

to stakeholders in terms of likelihood of occurrence, impact, and level of effectiveness of measures in place

Evaluate the legitimacy

as well as the necessity and proportionality of processing in relation to the purposes

Evaluate prior consultation

with the Guarantor Authority if risks to data subjects are not adequately guarded and identification of possible improvements to measures that guard against risks


Analysis of treatments and methodology tuning

to define the assessment perimeter Sharing with the DPO and the ICT and Privacy Area Referent, of the evaluation methodology adopted, in order to integrate it where appropriate, in consideration of the characteristics of the Organization

Impact assessment

to identify processing operations at risk for the rights of data subjects and conduct of impact assessment on perimeter processing, based on methodology. Conduct of risk self-assessment process, by surveying Area/Office managers for processing operations under their respective areas of responsibility. Sharing of the results of the surveys already conducted with managers and self-assessment of risks with the ICT and Privacy Area Manager. Collection, during the surveys, of the main evidence in support of the evaluation of security measures

Definition of mitigation plan

to assess the legitimacy, as well as the necessity and proportionality of the treatments in relation to the purposes. Definition of possible corrective actions related to security measures and, in general, to the personal data risk management framework, in consideration of the characteristics of the treatments, of the risks not adequately mitigated, of the observations of the risk owners, of the main evidences regarding the effective adoption and effectiveness of the security measures


Final reporting

of impact assessment outcomes

aware risk management

inherent in the management of personal data, in view of the characteristics of the processing and the adoption and effectiveness of security measures in place

Assurance to the ICT & Privacy Area

on the lawfulness of the treatment and their necessity and proportionality, with particular reference to the conditions and measures aimed at ensuring the proper exercise of the rights of the interested parties


Would you like to have more information about our services and solutions? Enter your data and we will contact you as soon as possible. 

    I'd like to talk about:

    Other Success Cases

    Caso Framework Player Internazionale Gaming

    Setting the "231" Framework of an International Gaming Player

    Industry & Services | ESG, Risk & Compliance

    Caso framework GDPR società pubblica

    Setting the "GDPR" Framework of a State-owned company

    Non-Profit & Public | Risk & Compliance

    About Macfin