Data Protection Impact Assessment (NIDA)

A personal data protection impact assessment (PPA) is a process that helps identify and manage the risks to the rights and freedoms of natural persons that may arise from the processing of personal data. It combines the identification of risks, the assessment of their impact and the planning of appropriate measures to mitigate the risks. The conduct of a NIDA when processing sensitive personal data is mandatory under the GDPR.
It is also an effective tool that organisations can use to improve their risk management practices. Find out more about NIDA State Data Inspectorates (DSI) website, where you can also find list of the types of data processing activities for which a data protection impact assessment is mandatory.
In essence, NIDA is like a “safety belt” – a preventive measure to avoid problems with the processing of personal data before they occur.

Who can make a NIDA?

This assessment can be carried out by a wide range of specialists, but it is important that they have the necessary knowledge and experience. This process is most often carried out in organisations such as universities, colleges, research institutes, medical institutions, etc. authorities data protection specialists, IT security specialists or lawyers.

Why should a researcher know this?

Using the IT infrastructure and data analysis tools provided by the research institution, the researcher does not need to worry about the NIDA software required, as this has already been done by the institution’s competent specialist.
Processing or storing sensitive personal data using software, tools, cloud services that have not been evaluated by the research institution, must be carried out by NIDA before any data handling activities on these systems are initiated.

What if I need a specific data processing tool for my research project, but I don't know if NIDA has been made for it?

Be sure to contact your university or institute's data protection officer, IT security officer or lawyer to find out, whether the tool already already exists been used before assessed. N if necessary Specialist will assess, whether it is suitable for use with sensitive personal data and will help to design risk management within the specific projectos.

Data Protection Impact Assessment (NIDA)

A personal data protection impact assessment (PPA) is a process that helps identify and manage the risks to the rights and freedoms of natural persons that may arise from the processing of personal data. It combines the identification of risks, the assessment of their impact and the planning of appropriate measures to mitigate the risks. The conduct of a NIDA when processing sensitive personal data is mandatory under the GDPR.
It is also an effective tool that organisations can use to improve their risk management practices. Find out more about NIDA State Data Inspectorates (DSI) website, where you can also find list of the types of data processing activities for which a data protection impact assessment is mandatory.
In essence, NIDA is like a “safety belt” – a preventive measure to avoid problems with the processing of personal data before they occur.

Who can make a NIDA?

This assessment can be carried out by a wide range of specialists, but it is important that they have the necessary knowledge and experience. This process is most often carried out in organisations such as universities, colleges, research institutes, medical institutions, etc. authorities data protection specialists, IT security specialists or lawyers.

Why should a researcher know this?

Using the IT infrastructure and data analysis tools provided by the research institution, the researcher does not need to worry about the NIDA software required, as this has already been done by the institution’s competent specialist.
Processing or storing sensitive personal data using software, tools, cloud services that have not been evaluated by the research institution, must be carried out by NIDA before any data handling activities on these systems are initiated.

What if I need a specific data processing tool for my research project, but I don't know if NIDA has been made for it?

Be sure to contact your university or institute's data protection officer, IT security officer or lawyer to find out, whether the tool already already exists been used before assessed. N if necessary Specialist will assess, whether it is suitable for use with sensitive personal data and will help to design risk management within the specific projectos.