Skip to content
Snippets Groups Projects
Commit 19b2b006 authored by Mark Loveless's avatar Mark Loveless :tea: Committed by Kristen Tesh
Browse files

DPIA page has two broken links

parent 64f33282
No related branches found
No related tags found
Loading
......@@ -34,6 +34,6 @@ In determining whether a DPIA is legally required for a processing activity, Git
## How are DPIAs Conducted?
In the early stages of a project, when a new vendor/service provider is being considered, and at regular intervals during a project's lifecycle or the user of a vendor or service, a Privacy Review occurs. This review runs alongside the planning and development process or the selection of new vendors and tech stack tools and at key renewal dates. The outcome of the Privacy Review informs whether a full DPIA is necessary. The Privacy Team conducts these reviews in collaboration with Security to ensure that risks are identified, assessed, and managed according to GitLab's [security risk management process](/handbook/security/#risk-assessments). When a high level of risk is identified, the Privacy Team will collaborate with the relevant stakeholders to initiate and complete a DPIA. This typically will involve a Product Manager, business/technical owner, and the appropriate risk owner for the team.
In the early stages of a project, when a new vendor/service provider is being considered, and at regular intervals during a project's lifecycle or the user of a vendor or service, a Privacy Review occurs. This review runs alongside the planning and development process or the selection of new vendors and tech stack tools and at key renewal dates. The outcome of the Privacy Review informs whether a full DPIA is necessary. The Privacy Team conducts these reviews in collaboration with Security to ensure that risks are identified, assessed, and managed according to GitLab's [security risk management process](/handbook/security/security-assurance/security-risk/). When a high level of risk is identified, the Privacy Team will collaborate with the relevant stakeholders to initiate and complete a DPIA. This typically will involve a Product Manager, business/technical owner, and the appropriate risk owner for the team.
GitLab Team Members can obtain additional details about DPIAs and how they are conducted, included specifics about the workflow process [here] (https://internal.gitlab.com/handbook/legal-and-corporate-affairs/legal-privacy/) (*internal only*)
GitLab Team Members can obtain additional details about DPIAs and how they are conducted, included specifics about the workflow process [here](https://internal.gitlab.com/handbook/legal-and-corporate-affairs/legal-privacy/index.html/) (*internal only*).
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment