Data Protection Impact Assessment

1. Data Protection Impact Assessment:
1. This Data Protection Impact Assessment (DPIA) and Privacy Impact Assessment (PIA) is the responsibility of the Data Protection Officer (DPO) appointed by the Application Service Provider (ASP) and Data Processor on behalf of the Owner and Data Controller.   This DPIA complies with the General Data Protection Regulation (GDPR) and advice provided by the Information Commissioner's Office (ICO).
2. This DPIA concerns the Bespoke Application Service (BAS) that is owned by the Data Controller and provided by the ASP.   The BAS is provided as standard HTML web pages upon request using encrypted Internet communications - no software is provided.
3. Article 35 of GDPR states that the creation and maintenance of this DPIA is a legal obligation.   The scope of this DPIA is limited to the business data processed by the Bespoke Application Service as provided by the Application Service Provider.   The Owner is responsible for their own DPIA, data breach reporting, monitoring and protection of data stored in emails and on local computers.

1.1. ERA Abstract:
1. Encryption is used for all business data stored in the Bespoke Application Service so business data cannot be stolen - all stored data is meaningless and worthless to a criminal.
2. Replication of all encrypted data to a large number of secure data centers is used so business data cannot be lost - copies of stored data can be retrieved from each distributed data center.
3. Authentication: sign-in requests are monitored 24*7 to ensure that only approved people have access to business data and any criminal behaviour is stopped.

1.2. Methodology:
1. The Data Protection Officer has strategic responsibility to manage this DPIA as the official published statement of data protection by the Data Processor.
2. The Information Security Manager has tactical responsibility to implement all appropriate security measures to mitigate the threats and risks identified by the DPO.
3. The Risk Manager has responsibility to manage risk to the Bespoke Application Service in compliance with the ISO 31000 Risk Management Standard.   Risks are caused by threats and risks are mitigated by security measures.
4. People tend to have little appreciation for privacy until it is lost - a person who has lost their identity or had their identity stolen has no worth and no purpose.   Most people cannot be trusted to keep their own Personally Identifiable Information (PII) private, but any company that stores that PII has a legal obligation to keep that PII private.   DPIA is about understanding such risks and using security measures that work in an effective way, even when people are not behaving as they should.

1.3. Legal Obligations:
1. Business is conducted according to laws and regulations.
2. Privacy Notice is a legal obligation that must be made available to all customers and suppliers.
3. Subject Access Request is a legal obligation that must be provided for business associates and the public.
  SAR : Subject Access Request process...  

2. Data Classification:
1. Four and only four kinds of data are involved with BAS as:
  (1) Business Data means all data processed by the Data Controller using BAS.
  (2) Uploaded Files means files uploaded by the Data Controller and stored with an assigned file name in folders that are not accessible from the Internet.
  (3) Private Web Pages means one-time private web pages that can only be requested by an approved person.
  (4) Public Web Pages means one-time public web pages that may be requested by any person making a request from an approved geo-location.
2. A policy is to keep the data design simple so it is easy to protect and hard to get the wrong classification.

2.1. Business Data Class:
1. All business data processed by approved people using the Bespoke Application Service has the same classification and is encrypted.
2. All Personally Identifiable Information (PII) such as customer contact names is protected-by-design using pseudonymisation and many layers of encryption in compliance with GDPR article 25.
3. All business data that was traditionally stored in a database is encrypted and hidden to prevent it from being stolen.
4. All encrypted data is replicated to a large number of secure data centers to prevent it from being lost.
5. Business data may include:
  (1) Customer data including contact names and date of birth.
  (2) Prospect data including contact names.
  (3) Site data including contact names.
  (4) Service data including contact names.
  (5) Contract data.
  (6) Supplier data including contact names.
  (7) Tariff data.
  (8) Approved Person data including names and email addresses.
  (9) Task data.
  (10) Finance data.
  (11) Message data.
  (12) Knowledge as business rules.
  (13) Evidence Trail as when who did what.

2.2. Uploaded File Class:
1. All files uploaded by approved people into the Bespoke Application Service are encapsulated with an assigned name and moved to secret folders that cannot be accessed from the Internet.
2. No uploaded file is permitted to be opened on a server - no application programs are permitted to be executed on a server.
3. Any uploaded file may be downloaded to a local computer where it may be viewed.
4. An uploaded file cannot be changed or deleted - it is frozen at the point of upload.

2.3. Private Web Page Class:
1. The Bespoke Application Service includes a Document Management Service (DMS) that will generate private web pages upon request.
2. Generated one-time web pages cannot be corrupted or injected with malware because they are never stored and never reused.
3. Document Management Service (DMS) information is treated as business data.

2.4. Public Web Page Class:
1. The Bespoke Application Service includes a Document Management Service (DMS) that will generate public web pages upon request.
2. Generated one-time web pages cannot be corrupted or injected with malware because they are never stored and never reused.
3. Document Management Service (DMS) information is treated like business data.
4. Public web pages include images, cascading style sheets (CSS) and script files that are part of some one-time web pages.
5. Public CSS and script files are cached using Google and Microsoft servers to speed up download times.

2.5. Data Sovereignty:
1. Business data is never stored anywhere - business data may persist in memory for less than one second for any transaction.
2. All business data is encrypted and replicated to a large number of secure data centers in the UK.
3. Regulated sectors such as: finance, healthcare and government require the location of business data to be disclosed.   Encrypted data is replicated to tier-4 data centers in Newbury Berks, Sandwich Kent, Telehouse London and many other places.   Encrypted data is NOT stored in any USA owned data center such as Amazon, Google or Microsoft.
4. Encrypted data is fragmented, with different layers of encryption methods used in different data centers.   The data stored in one data center is very different to the data stored in another data center.   By design, it is a plausible fact to state that business data is not stored in any data center.   By design, encrypted data is fragmented into a very large number of files that are hidden in images that are lost in massive image libraries.
5. Fake data and test data are encrypted with real data using various encryption methods, so that a plausible decryption of a fragment is just fake test data that shields real business data.

3. Risk and Threat Analysis:
1. The Open Web Application Security Project (OWASP) has published the top ten web application vulnerabilities, and each year these have been subject to external penetration testing.
2. Threats are classified and managed as:
  (1) Injection of malware into data entry controls or URL.
  (2) Broken Authentication.
  (3) Sensitive Data Exposure.
  (4) XML External Entities.
  (5) Broken Access Control.
  (6) Security Misconfiguration.
  (7) Cross-Site Scripting.
  (8) Insecure Deserialisation.
  (9) Using Bad Components.
  (10) Insufficient Logging and Monitoring.
3. Each of these real and successful attacks on the protection of data is caused by executives who imagine that data protection is somebody else's job and that it could not happen here.   So many times the report is "I thought we were too small to be attacked by criminals", as if criminals cared about the size and capability of the company.
4. In practice, many hundreds of different vulnerabilities are reported in the press, and a role of the Application Service Provider is to stay well informed and take appropriate measures to be one step ahead of the criminals.   Over the past 20 years, the only consistent factor is that criminals have become more professional and more sophisticated attacks happen every year - this is a cyber war.
5. The Application Service Provider is in the unique position of operating many hundreds of online application services and has been attacked many hundreds of times every day for the past 20 years.   The amount of knowledge that has accumulated about criminal behaviour is considerable and exceeds that of a company that only operates their own local web site.

3.1. Risk: Injection:
1. Injection risks are where data enters the Bespoke Application Service via a data entry field or the URL.
2. A URL encryption method is deployed to eliminate any possibility of the URL being changed in any way.
3. A data entry sanitation method is deployed to eliminate any possibility of invalid character codes being entered and stored.
4. SQL has been phased out as NoSQL has taken over without the risk of SQL injection.

3.2. Risk: Broken Authentication:
1. Authentication has continually evolved for 20 years to deploy an Identity and Access Management (IAM) service of first class quality.
2. A ten-factor authentication method is used to identify approved people using registered equipment over authorized networks from known locations.
3. Assigned pass-phrases and registration using a one-time access-code has eliminated traditional password problems.
4. While most forgotten-password procedures can be cracked by criminals, the one-time access-code does not have the same vulnerabilities.
5. Obsolete practices such as the regular changing of passwords have never been deployed because they serve no purpose.
6. Permanent pass-phrases are assigned by algorithmic deduction and never stored so they can never be stolen or viewed by any other person.

3.3. Risk: Sensitive Data Exposure:
1. All business data is encrypted so normal criminal attack methods do not work.
2. Criminals cannot use zero-day vulnerabilities because no application software is installed and can execute on any server.
3. The majority of Application Service Provider people can only see encrypted data and cannot expose any business data.   A few members of the Second Level Support (SLS) team have normal approved-person rights to sign in and process business data when needed by a documented support request from the Data Controller.   The Second Level Support team operates under the direction of the Request Fulfilment Manager (RFM) on behalf of the Data Controller.

3.4. Risk: XML External Entity: (XXE)
1. XML external entities are problems from an older generation of servers that were eliminated many years ago.
2. Criminals cannot access internal files using file URI handlers because no internal files are stored in a folder that can be accessed from the Internet.
3. Criminals cannot access data using file shares on Windows servers because file shares are never used and Windows servers are never used.
4. Criminals cannot use remote code execution because each server does one and only one very specific job with all other services disabled.
5. Because every one-time web page is generated upon request, no criminal attack on a web page can have any impact on any other web page.

3.5. Risk: Broken Access Control:
1. Both data and function access control have continually improved over 20 years to provide a first class service.
2. The Access Control Manager is responsible for assigning approved people a role that limits the data they may view and the functions they can use.
3. BAS is fragmented into sites, offices and branches with access control as to who can access such data.
4. BAS is fragmented into functions that can only be viewed and only used by approved people who have the applicable rights.
5. Approved people may approve new people with rights up to and including their own rights, but no other rights.
6. An approved person may move from one branch to another and their rights will move as required.

3.6. Risk: Security Misconfiguration:
1. As applications become more complex it becomes easier to get the configuration wrong.
2. The Information Security Manager is responsible for configuring applicable security measures as specified by the Data Protection Officer.   Penetration testing by external security engineers is then used to verify that all security measures are working according to what has been specified.
3. Security is an endless journey that can be made easier by purposefully simplifying application design and using external professional engineers to test the effectiveness of the measures used.
4. By eliminating the use of standard frameworks like WordPress, the majority of security issues can be eliminated.
5. The one program architecture minimises the security surface to one program that can be seen by criminals, and all focus goes into protecting that one program.

3.7. Risk: Cross-Site Scripting: (XSS)
1. Every web page is standard HTML that is generated upon request and never reused.
2. Every data entry field value is sanitised to remove improper codes that could be used as malware.
3. JavaScript files are cached on a very large number of remote servers so they cannot be corrupted and reused.
4. Application programming has been eliminated so XSS risks have been eliminated - program code does not exist to be attacked.
5. Because session data can be hijacked by a criminal, a pseudo session is created and used that is unknown to the criminal.

3.8. Risk: Insecure Deserialisation:
1. The serialisation of objects has been eliminated and so the risk of insecure deserialisation has been eliminated.
2. An encrypted URL design is deployed to prevent transactions being replayed, corrupted or spoofed by criminals.
3. Serialisation errors could result in remote code execution and elevation of privileges, so such levels of complexity have been stopped.
4. Virtualisation and serialisation has been replaced with a large number of single purpose servers that are more resilient and more secure.
5. Servers have remote code execution disabled and application program execution disabled to mitigate serialisation risks.

3.9. Risk: Using Bad Components:
1. All programs have vulnerabilities that are known or are yet to be discovered, so all application programming was eliminated.
2. The use of standard frameworks, libraries and software is not permitted to be installed on any server.
3. The use of an Application Programming Interface (API) to other web services has been eliminated because the API cannot be proven to be 100% secure.
4. Evidence has shown that application software sold by Adobe and Microsoft is not fit for purpose and is not permitted to be installed or used on any server.   The same policy should also apply to any application software promoted by Google, Oracle, SAP and Apple.
5. Any system software that needs to be patched more than once every 6 to 12 months is not safe to use and should be replaced by more stable system software.

3.10. Risk: Insufficient Logging and Monitoring:
1. The Incident Control Manager is responsible for monitoring all data center activities 24*7 with adequate tools.
2. It has been shown that some companies have hackers downloading data for many months because the company did not have adequate monitoring.
3. The most significant factor that has happened in the past 20 years is that Incident Detection and Prevention servers have evolved to analyse all Internet traffic and ensure that abnormal behaviour is stopped.
4. Every network used must be registered and monitored.   Every device used must be registered and monitored.   Every geo-location used must be known and approved.   Behaviour must be recorded and used to identify a change caused by an imposter.

4. Security Measures:
1. Data Encryption is the primary security measure that prevents business data from being stolen and eliminates the risk of a reportable data breach.   Many thousands of different encryption methods are used in layers so if one encryption method is cracked, the data remains protected by many other encryption layers.   The number of layers of encryption used is variable and unknowable.
2. Data Replication is the complementary security measure that prevents business data from being lost.   In the event that one data center is not available, business continues to be provided by another data center using replicated data.
3. Authentication has evolved over 20 years to be the very best that the world's security experts can design.   Sign-in uses ten factors: a permanent pass-phrase or one-time access-code, a registered device, a known location, and a reasonable time of day and day of week.   The behaviour of approved people is recorded so the bad behaviour of an imposter can be detected and stopped.
4. Monitoring has evolved to be very comprehensive, with 24*7 coverage by people in different continents.   Intrusion detection and prevention is continually evolving to better understand the behaviour of criminals and state sponsored agents.   The foundation architecture of the application is based on an artificial intelligent assistant that monitors everything in a single consistent way.
5. URL Encryption means that the URL cannot be changed by a criminal to gain access to a different facility or data.   Keys used in the URL cannot be changed because the keys are just part of a complex encrypted string that will be blocked if changed in any way.   Very different URL encryption methods are used by different parts of an application so if a person learns how one part works, they will have no knowledge of how another part works.
6. Sanitation of data entry means that permitted characters and permitted values are strictly enforced to eliminate HTML, XML and unusual character codes that could have alternative meanings.   By design, field values tend to be integers or a string of simple ASCII characters in the range 32 to 126.   Because every field value is encrypted, script strings cannot be stored to cause later security problems.
7. Knowledge, as declarative business rules, is used to drive the Artificial Intelligent Assistant known as Eliza that provides the Bespoke Application Service.   Knowledge cannot be hacked and cannot have malware injected.   No press report has ever shown that knowledge can be stolen and used by a criminal.   The replacement of application programming with Knowledge Engineering has created a secure environment that is beyond the understanding of most criminals.
8. One Program Architecture minimises the security surface to a single program that criminals can see and attack.   This one program is attacked hundreds of times every day and is professionally attacked by external security engineers as periodic penetration tests.   It is much easier to protect one program with continual improvements, rather than thousands of hand-crafted programs in a traditional online system.
9. Three Tier Architecture is generally agreed to be the most secure hardware arrangement that the world has ever designed.   A large number of single purpose servers are configured so each does one job with all other services disabled.   A web server has no knowledge of any application requirement and has not got access to any business data.   An application server has no knowledge of web HTML communications, but is able to process all business requirements within a fraction of a second.   A database server is not connected to the Internet and knows nothing of business requirements - its job is just to store and retrieve data upon request.
10. Document Management Service is used to generate every one-time web page as standard HTML-5 code upon request.   If a web page is corrupted or hacked, it only impacts the person who hacked it - the HTML web page is never used again.   This applies to public, private and secure business web pages.
11. Education is provided for all people involved in providing application services, no matter what their job title may be.   An in-depth awareness of all legal obligations is mandated: "I did not know the law" is not an acceptable defence.   Every process and procedure must fully comply with the protection policies as specified.   For example, people must NOT leak private, confidential or sensitive business information by phone or email - encrypted business message services MUST be used.

4.1. Penetration Testing:
1. External penetration tests are scheduled for every 6 weeks with documented evidence of the results.
2. Internal penetration tests are scheduled for every three months with documented evidence of the outcomes.
3. External penetration tests by external security engineers are scheduled for every 6 months with a standard security report.
4. Internal penetration tests by external security engineers are scheduled for every 12 months with a standard security report.   For the past 20 years, the first two weeks in August have been scheduled for external and internal penetration tests by external security firms.
5. Hardware and application architectures have evolved with continual improvements driven by regular penetration testing.   As the architectures have become simpler, protection, privacy and security has increased.   Where business requirements become overly complex, then protection issues are discovered.
6. Monitoring security breaches around the world is a fundamental part of staying one step ahead of the criminals.   As soon as a new vulnerability is discovered, hundreds of attacks will follow hunting down the company that has not patched, has legacy software installed and inadequate monitoring.
7. Policy: a security data breach is not acceptable and every person involved will be fired (or worse) without exception.   No matter what the cost or what the measure has to be to stop all data breaches, that security measure MUST be deployed.   It is not acceptable to say that the attack was "too sophisticated" - the only solution is that a data breach cannot happen and will not happen.
8. The organisation structure is tested by external security engineers to see if people can be intimidated into disclosing information or if people can be impersonated into any kind of disclosure.   Where a First Line Support person uses a non-standard procedure to help a lady crying on the phone because she forgot her password - they shall be instantly removed.   Penetration testing involves social media attacks, email attacks, attacks on friends and family; and every journey that a criminal may use to gain a benefit.   First Line Support people do not have permission to disclose or confirm the identity of any living person - people must formally consent to have their name used before their name is used in any context.
9. The organisation has deployed elimination or mitigation measures for all types of known vulnerabilities, and external security consultants are contracted to identify unknown vulnerabilities.   Experience shows that wherever extreme levels of business complexity have evolved, the threat of vulnerabilities will have evolved with them.
10. At any time, the Owner and Data Controller can contract their own security consultants to independently audit the Bespoke Application Service.   The scope of the penetration tests can be determined by the Data Controller and they may be with or without the cooperation of the Data Processor.   Suitably qualified security consultants typically cost one thousand pounds per day and an external-internal penetration test may take up to ten days.   Experience and press reports indicate that 75% of penetration test issues are false positives. Penetration testing tends to report potential issues and not just real problems.

4.2. Risk Factors:
1. Risk and threat management may use factors with scores to identify exploitability, prevalence, detectability and impact.
2. Threat exploitability and detectability may be:
  (1) Easy as the only default.
  (2) Average.
  (3) Difficult.
3. Threat prevalence may be:
  (1) Common as the only default.
  (2) Widespread.
4. Threat impact may be:
  (1) Severe as the only default.
  (2) Moderate.
5. The Risk Manager has been directed to treat every technical and business impact as "Severe" without exception.   The entire organisation has been directed to eliminate each and every threat, regardless of cost.   The cost of a data breach significantly exceeds the cost of all data protection measures.
6. It is not relevant whether an attack is easy or difficult; it is only important that the attack is stopped in each and every situation without any exception.   It is not relevant whether the prevalence of a weakness is common or widespread - that weakness must be eliminated and not just reduced.

4.3. Reportable Data Breach:
1. The Data Protection Officer (DPO) is responsible and is the single point of contact for all communications with the Information Commissioner's Office regarding any data breach investigation.
2. The Data Protection Officer has Board level access to demand the resources needed to ensure that a data breach never becomes reportable.
3. The career of the Information Security Manager is also on the line to ensure that security measures are adequate to prevent any kind of reportable data breach.
4. The Data Protection Officer has responsibility to every other member of the team to ensure they are not removed because of a reportable data breach.   Every team member is dependent on the skill and professionalism of the Data Protection Officer to keep their job - everybody is responsible for data protection and nobody can say it was not my job.

4.4. Pseudonymisation:
1. Article 25 of GDPR requires data to be stored with respect to modern methods and protection-by-design and protection-by-default.
2. Pseudonymisation replaces a field value such as a person's name with a token in a record, so if the record is disclosed, the person's name is not disclosed.
3. The token is an offset into an image that stores an encrypted version of the person's name in a meaningless way.
4. If the image is disclosed, the image contains a string of numbers where some numbers are tokens and some numbers are encrypted persons' names.   The string of numbers stored in an image is encrypted many times using different methods to eliminate all possibility of names being deduced by massive processing power.   Considerable amounts of test data and fake names are included in the image using a simple encryption method as a means to mask the real names.

4.5. Knowledge:
1. One reason that the Bespoke Application Service is safe and secure is that it is provided by an Artificial Intelligent Assistant that is driven by knowledge.
2. Knowledge is derived from policies and procedures and expressed as business rules using the "cause and consequence" syntax.
3. Knowledge is specified as a Fourth Generation Language (4GL) that is declarative and stored as encrypted business data.
4. It may not be possible for a criminal to hack knowledge or to steal knowledge and be able to gain from the knowledge.
5. Data objects and properties are expressed as glyphs - every field has a unique glyph that is used when knowledge references that field.
6. Functions and pages are expressed as glyphs - every web page has a unique glyph that is used when knowledge references that page.
7. The natural language of the Artificial Intelligent Assistant is glyphs that can be translated into fields and functions, but this would be an expensive and tiresome exercise.
8. As Eliza is taught new skills; business rules and 4GL declarations are generated using glyphs with a greater precision than could be expressed in human languages.
9. Errors of omission and errors of conflict can still be taught to Eliza, but that is much better than programming errors with security vulnerabilities.

5. Security:
1. Security of the Bespoke Application Service is part of the mission statement with many security policies.
2. A security policy is Data Fragmentation, which has the objective of ensuring that fake test data is more plausible than real data.
3. A security policy is Alternative Data Streams that has an objective to ensure that stored data objects are unknowable.
4. A security policy is Protected Date of Birth that has an objective to ensure that DOB cannot be decrypted by other parties.

5.1 Data Fragmentation Policy:
1. Objective:
* It is a business imperative that information encrypted in a data center cannot be read with any precision or proof.
* It is assumed that unknown parties may gain physical access to servers in secure data centers and copy everything for analysis.
* It is assumed that unknown parties may gain access to networks in secure data centers and copy everything for analysis.
* It is a business requirement that unknown parties are not able to differentiate between real data, test data and fake data that is hidden in images.
2. Policy:
* Certain field values are fragmented into a series of partial values and each part is replaced with a pseudonymised token.
* The pseudonymised tokens and partial values are encrypted using different methods in many layers.
* The encrypted results are hidden in images and images are hidden in a massive encrypted library of similar images.
* Pseudonymised data includes test data and fake data that is encrypted using simpler methods that will show plausible results while shielding the real partial values.
* When powerful computing engines are used to decrypt data stored in images, the partial results that are mixed with fake results will obfuscate the conclusions.
* It must be unknowable what image data relates to what tokens stored in real records.

5.2 Alternative Data Stream Policy:
1. Objective:
* It is a business imperative that knowledge about how data is stored is protected by encryption and other means.
* Most people are not aware that a file can contain Alternative Data Streams (ADS) that are totally hidden from normal file explorer services.
* A business requirement is that meta data about stored data is unknowable, is encrypted and is expressed in a glyph notation that may not be readable.
2. Policy:
* Every stored data record is defined by its Fourth Generation Language (4GL) declarative business rule that is hidden in an ADS.
* A major benefit is that if the file is copied using a flash drive or upload, the ADS is not copied and remains secret.
* Stored data will evolve and so its 4GL will enable old and new editions of a data structure to coexist at the same time.
* Stored data must know its own edition number, size of token, encryption method for token and encryption method for values - all recorded as glyphs.
* 4GL is expressed in glyphs, which are the mathematics of the Artificial Intelligent Assistant - Eliza.

5.3 Protected Date of Birth Policy:
1. Objective:
* It is a business imperative that Personally Identifiable Information (PII) is treated with respect and encrypted in very secure ways.
* A requirement is that even a person who fully understands the protection methods deployed will find it impractical to decrypt a single date of birth, even if it is their own.
2. Policy:
* Every date of birth field is replaced with a token that is an offset to other data stored in an image.
* Date of birth is stored as a positive or negative integer number that is (1) a number of units of seconds, (2) counted since a historic event.
* The number of units of seconds is based on other information stored about the person; such as 2345 second units.
* The historic event is based on other information stored about the person; such as the Battle of the Somme (BoS).
* Obfuscation of the dependent data and the algorithms used to derive the component parts means that a calculation that is easy for an Artificial Intelligent Assistant can be impractical for a person.
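The token-and-image scheme of section 4.4 and the date-of-birth encoding of this policy, worked through as an added Python example (not the Bespoke Application Service's own code). It keeps only a token in the record, stores the encoded value in a decoy-filled byte array standing in for the page's "image", and derives the second-unit and the historic-event epoch from the person's other attributes. One assumption not on the page: that derivation is keyed with a secret (HMAC) rather than depending on the method staying unknown, and only a single masking layer is shown where the page describes many. All names, identifiers and the epoch table are constructed.

```python
import hashlib
import hmac
import random
import struct
from datetime import date, timedelta

# Constructed epoch table: the page names the Battle of the Somme (BoS); the
# other two entries are added here as further plausible historic events.
HISTORIC_EVENTS = {
    "BoS": date(1916, 7, 1),    # first day of the Battle of the Somme
    "ARM": date(1918, 11, 11),  # Armistice
    "A11": date(1969, 7, 20),   # Apollo 11 landing
}
DAY = 86400
# "Other information stored about the person" used to derive the parameters.
ATTRIBUTE_FIELDS = ("customer_id", "surname")


def derive_parameters(secret: bytes, record: dict):
    """Derive (unit_seconds, event_key, mask) from the person's other attributes.
    Assumption: a secret key is mixed in with HMAC, so knowing the method and the
    record is not enough to rebuild the parameters."""
    material = "\x1f".join(str(record[f]) for f in ATTRIBUTE_FIELDS).encode()
    h = hmac.new(secret, material, hashlib.sha256).digest()
    unit = 1 + int.from_bytes(h[:4], "big") % (DAY - 1)   # 1 <= unit < 86400
    event = sorted(HISTORIC_EVENTS)[h[4] % len(HISTORIC_EVENTS)]
    mask = h[8:16]                                          # one 8-byte masking layer
    return unit, event, mask


def encode_dob(dob: date, unit: int, epoch: date) -> int:
    """Signed count of `unit`-second units from `epoch` to `dob`, rounded half-up.
    Both dates are whole days and unit < 86400, so the rounding error is under
    half a day and decode_dob recovers the exact day (negative counts allowed)."""
    delta = (dob - epoch).days * DAY
    return (2 * delta + unit) // (2 * unit)


def decode_dob(count: int, unit: int, epoch: date) -> date:
    secs = count * unit
    days = (2 * secs + DAY) // (2 * DAY)   # round half-up to the nearest day
    return epoch + timedelta(days=days)


class ImageStore:
    """Stand-in for the page's 'image': a byte array pre-filled with constructed
    decoy bytes so a slot holding a real value looks like every other slot."""
    SLOT = 8

    def __init__(self, slots: int = 512, seed: int = 1):
        self._rng = random.Random(seed)   # deterministic so the demo is repeatable
        self.buf = bytearray(self._rng.getrandbits(8) for _ in range(slots * self.SLOT))
        self._free = list(range(slots))
        self._rng.shuffle(self._free)

    def put(self, value: bytes) -> int:
        """Write one 8-byte value into a random free slot; the offset is the token."""
        assert len(value) == self.SLOT
        offset = self._free.pop() * self.SLOT
        self.buf[offset:offset + self.SLOT] = value
        return offset

    def get(self, token: int) -> bytes:
        return bytes(self.buf[token:token + self.SLOT])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect_record(secret: bytes, store: ImageStore, record: dict) -> dict:
    """Return a copy of `record` with 'dob' replaced by a 'dob_token' offset."""
    unit, event, mask = derive_parameters(secret, record)
    count = encode_dob(record["dob"], unit, HISTORIC_EVENTS[event])
    token = store.put(_xor(struct.pack(">q", count), mask))
    out = {k: v for k, v in record.items() if k != "dob"}
    out["dob_token"] = token
    return out


def unprotect_dob(secret: bytes, store: ImageStore, protected: dict) -> date:
    """Rebuild the parameters from the same attributes and recover the date."""
    unit, event, mask = derive_parameters(secret, protected)
    raw = _xor(store.get(protected["dob_token"]), mask)
    count = struct.unpack(">q", raw)[0]
    return decode_dob(count, unit, HISTORIC_EVENTS[event])


def demo():
    secret = b"constructed-demo-secret"
    store = ImageStore()
    records = [  # constructed sample data; the second birth date precedes every epoch
        {"customer_id": 1001, "surname": "Example", "dob": date(1985, 3, 14)},
        {"customer_id": 1002, "surname": "Sample", "dob": date(1902, 12, 31)},
    ]
    protected = [protect_record(secret, store, r) for r in records]
    recovered = [unprotect_dob(secret, store, p) for p in protected]
    return protected, recovered


if __name__ == "__main__":
    for p, d in zip(*demo()):
        print(p, "->", d)
```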

Document Control.
1. Document Title: Data Protection Impact Assessment.
2. Description: Bespoke Application Service: Data Protection Impact Assessment.
3. Keywords: Bespoke Application Service, Data Protection Impact Assessment.
4. Privacy: Shared with approved people for the benefit of humanity.
5. Edition: 1.1.
6. Issued: 2 Jan 2018.