Application privacy impact assessments (PVK)¶
Before deploying any application that processes and/or stores data to nais, a privacy assessment (PVK) must be conducted. This PVK should be kept reasonably up-to-date through the life cycle of the application. Refer to the PVK process documentation for details (NAV internal link).
Ideally, the language in your PVK should be tech stack agnostic, meaning there will not be any need to change this document as components are changed or the application is moved between on-premises and cloud clusters. Any technology specific considerations belong in the risk assessment.
For migrating applications to the cloud, a document has been prepared to aid the PVK process internal for NAV NAIS i sky – personvern og sikkerhet. internal for NAV