“Not another process!” I hear you say as more reminders flood in about the General Data Protection Regulation (GDPR). Relax. Although a data protection impact assessment (DPIA) is mandatory for some types of processing, it focuses on high-risk situations and organisations should already be familiar with such risk assessments.
What is a DPIA?
Organisations that process personal data will need to conduct DPIAs for processes that represent a high risk to the rights and freedoms of data subjects in order to analyse and minimise those risks.
The Information Commissioner’s Office (ICO) says: “A DPIA is required in situations where data processing is likely to result in high risk to individuals. If a DPIA indicates that the data processing is high risk, and you cannot sufficiently address those risks, you will be required to consult the ICO to seek its opinion.”
A DPIA is essentially a risk assessment of data security, with strengthened measures and criteria to better protect personal information, especially for high-risk processes such as changing systems or large-scale processing.
The DPIA requirement applies to organisations of any size in any country that process EU residents’ personal data.
Understand more about DPIAs with our free webinar
‘The GDPR and its requirements for implementing data protection impact assessments (DPIAs)’
Thursday, 7 September
3:00 pm (GMT)
If you are uncertain whether DPIAs apply to your organisation or you are just starting a GDPR compliance project, our ‘First Steps’ webinar series can provide advice and guidance.