Glossary
Data protection impact assessment (DPIA)
A mandatory study to identify and reduce the risks of a data processing operation that is sensitive for people.
The DPIA (data protection impact assessment) is provided for by the GDPR for processing operations that present a high risk, for example large-scale surveillance. It describes the processing, checks that it is necessary and proportionate, then plans measures to protect people. It belongs at the design stage, before the project is launched.
See also
EBIOS Risk Manager: A French method, led by ANSSI, for analysing and managing an organisation's cyber risks.
ISSP (security policy): The reference document that sets an organisation's security rules, objectives and responsibilities.
Cyber Resilience Act (CRA): A European regulation that imposes cybersecurity requirements on digital products sold in Europe.
Shared responsibility model: In the cloud, the split of security roles between the provider and the customer depending on the type of service.