Accredited Member Employees

Corporate Accreditation

A Data Protection Impact Assessment (DPIA) is a risk analysis exercise which focuses on the benefits of data processing that involves personal data and on the impact or risk to data subjects of carrying out that particular business process.

The DPIA identifies and assesses risk so that it can be mitigated, which is an important part of privacy by design.

There are several reasons under the new EU data protection regulations (GDPR) why a DPIA would be carried out. The checklist below will help determine whether one is necessary.

  • You have not carried out a DPIA before
  • A new process is introduced within your business which involves personal data
  • General data processing as part of your business activities could pose a risk or lead to an incident involving personal data
  • Processing old or historic personal data (following a data minimisation review)
  • A change in the risk presented to your processing activities
  • New technology being introduced to your business
  • If sensitive category data is being processed on a large scale
  • Monitoring of public locations or areas on a large scale
  • Processing personal data, including IP addresses, and using it to make decisions in relation to the data subject
  • If there is a change regarding the risk represented by processing operations
  • If a process is carried out by technology, without human involvement

Who in my business is responsible for carrying out a DPIA?

A DPIA should be carried out by your Data Protection Officer. If you don’t have a Data Protection Officer, you will need to ensure that there is a person within your organisation who takes responsibility.

You can also outsource your regulatory obligations to a data protection officer. We provide this service, which is more cost effective than employing someone, and you would have experts leading your compliance plan. You could also outsource projects should you feel you don’t require a full-time data protection officer.

What are the benefits of a DPIA?

Carrying out an effective DPIA should benefit the people affected by a project and also the organisation carrying out the project. It is often the most effective way to demonstrate to the ICO how personal data processing complies with all data protection regulations.

The first benefit to individuals will be that they can be reassured that the organisations that use their information have followed best practice. A project which has been subject to a DPIA should be less privacy intrusive and therefore less likely to affect individuals in a negative way.

A second benefit to individuals is that a DPIA should improve transparency and make it easier for them to understand how and why their information is being used.

Organisations that conduct effective DPIAs should also benefit. The process of conducting the assessment will improve how information that impacts on individual privacy is used. This should in turn reduce the likelihood of the organisation failing to meet its legal obligations under the data protection regulations and of a breach of the legislation occurring.

Conducting and publicising a DPIA will help an organisation to build trust with the people using their services. The actions taken during and after the DPIA process can improve an organisation’s understanding of their customers.

There can be financial benefits to conducting a DPIA. Identifying a problem early will generally require a simpler and less costly solution. A DPIA can also reduce the ongoing costs of a project by minimising the amount of information being collected or used where this is possible, and devising more straightforward processes for employees. More generally, consistent use of DPIAs will increase the awareness of privacy and data protection issues within an organisation and ensure that all relevant employees involved in designing projects think about privacy at the early stages of a project.

If you require further guidance regarding DPIAs or anything data protection related, contact our team; we will be more than happy to assist you.
