GDPR Article 35 requires the controller to conduct a data protection impact assessment prior to the processing of personal data. This means that you need to know who has access to personal data and what privileges and possible vulnerabilities or risks of unauthorised access are at every stage of personal data processing. This includes access by third-party processors and vendors.

Submit a paper (500-750 words) in which you describe how you will follow the GDPR Article 35 guidelines by conducting a data protection impact assessment prior to the processing of personal data in your organisation or one you are familiar with. In your paper, you should:

• Describe how you would discover privileged user and application accounts across the enterprise
• Explain how easy or difficult it would be for an external attacker to use third-party access, and identify various critical pathways
• Explain how you would conduct impact assessments to show understanding of your areas of privileged access vulnerability