The assessment of impact on personal information protection shall include the following contents:
- whether the purposes and means of personal information handling are legitimate, justified and necessary;
- the impact on individuals’ rights and interests, and security risks; and
- whether the protection measures taken are legitimate, effective, and compatible with the degree of risks.
The report of the impact assessment on personal information protection and the handling record shall be retained for at least three years.
Related provisions:
- Conditions requiring an impact assessment
- Legal bases for handling personal information
- Technical and organizational security measures