GDPR Article 35: Data Protection Impact Assessment

The General Data Protection Regulation (GDPR) Audit reports provide documentation and compliance artifacts that help you demonstrate compliance with requirements outlined by GDPR.

The GDPR Article 35: Data Protection Impact Assessment report describes and provides access to features in the Alert Logic console that help demonstrate compliance with GDPR Article 35.

To access the GDPR Article 35: Data Protection Impact Assessment report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under GDPR Audit, click VIEW.
  4. Click GDPR Article 35: Data Protection Impact Assessment.

The report summary page displays two columns. Requirements lists each requirement from the selected GDPR Article. Available Documentation and Artifacts describes and contains links to the documentation and compliance artifacts that this report can generate to meet each requirement listed by the GDPR Article.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available documentation and artifacts

This report provides documentation and artifacts that help you demonstrate that policies and procedures are implemented to protect data by design and by default.

Requirement 1

Requirement 1 of GDPR Article 35 requires that, when using new technologies for processing is likely to result in a high risk to the rights and freedoms of natural persons, the controller must carry out an impact assessment of envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.

This section provides you with the following links for quick access to appropriate pages for use as part of your DPIA security testing and analysis in the Alert Logic console:

  • The Deployments page, where you can Manage Vulnerability Scan Schedules for the deployments in your environments to detect software and application vulnerabilities, risky configurations, and systems with encryption issues.
  • The AWS CIS AWS Foundation Benchmark, where you can inspect pre-production AWS workloads and services for misconfigurations or overly permissive access that could expose protected data to attack or unauthorized access.
  • The Risk Reports and Threats Reports, where you can analyze and document the security posture of the tested environment, including risk levels, threat details, potential impact, and remediation recommendations.

Requirement 2

Requirement 2 of GDPR Article 35 requires the controller to seek the advice of the data protection officer, where designated, when carrying out a data protection assessment.

Alert Logic does not provide data for this requirement.

Requirement 3

Requirement 3 of GDPR Article 35 requires that the data impact assessment from requirement 1 be carried out, in particular, in the case of:

  1. a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person; or
  2. processing on a large scale of special categories of data referred to in Article 9(1), or of personal data relating to criminal convictions and offenses referred to in Article 10; or
  3. a systematic monitoring of a publicly accessible area on a large scale.

Alert Logic does not provide data for this requirement.

Requirement 4

Requirement 4 of GDPR Article 35 states that the supervisory authority shall establish and make public a list of the kind of processing operations which are subject to the requirement for a data impact assessment pursuant to requirement 1. The supervisory authority shall communicate those lists to the Board referred to in Article 68.

Alert Logic does not provide data for this requirement.

Requirement 5

Requirement 5 of GDPR Article 35 states that the supervisory authority may also establish and make public a list of the kind of processing operations for which no data impact assessment is required pursuant to requirement 1. The supervisory authority shall communicate those lists to the Board referred to in Article 68.

Alert Logic does not provide data for this requirement.

Requirement 6

Requirement 6 of GDPR Article 35 states that prior to the adoption of lists referred to in requirements 4 and 5, the supervisory authority shall apply the consistency mechanism referred to in Article 63 when the list involves processing activities which are related to the offering of goods or services to the data subjects or to the monitoring of their behaviour in several Member States, or may substantially affect the free movement of personal data within the Union.

Alert Logic does not provide data for this requirement.

Requirement 7

Requirement 7 of GDPR Article 35 requires that the assessment must contain at least (a) a systematic description of processing operations and purposes of processing, (b) an assessment of the necessity and scope of processing operations, (c) a risk assessment to the rights and freedoms of data subjects from requirement 1, and (d) the measures for addressing risks, including safeguards, security measures, and mechanisms to protect personal data.

Alert Logic does not provide data for this requirement.

Requirement 8

Requirement 8 of GDPR Article 35 requires the relevant controllers and processors to be compliant with approved codes of conduct from Article 40 while performing the data protection impact assessment.

Alert Logic does not provide data for this requirement.

Requirement 9

Requirement 9 of GDPR Article 35 requires the controller to seek the views of data subjects or their representatives on the intended processing, without prejudice to the protection of commercial or public interests or the security of processing operations.

Alert Logic does not provide data for this requirement.

Requirement 10

Requirement 10 of GDPR Article 35 states that when processing pursuant to point (c) or (e) of Article 6(1) has legal basis in Union law or in the law of the Member State to which the controller is subject, that law regulates the specific processing operations in question.

Requirement 10 also states that for a data protection impact assessment that has already been carried out as part of a general impact assessment in the context of the adoption of the legal basis, requirements 1-7 will not apply unless Member States deem it to be necessary to carry out the impact assessment prior to processing activities.

Alert Logic does not provide data for this requirement.

Requirement 11

Requirement 11 of GDPR Article 35 requires the controller to review processing operations when there is a change of the risk represented by processing operations.

Alert Logic does not provide data for this requirement.