The building blocks of Compliance e: stonearch@protonmail.com t: 01706 559 022
Data Protection Impact Assessments
Privacy by design’ is a concept that features heavily in the legislation. Your organisation needs to be able to demonstrate that all processes and practices involving personal data have been adequately thought-out to incorporate the provisions of the UK GDPR.
A data protection impact assessment (DPIA) is a way of extracting the data protection requirements, and implementing measures to reduce as far as possible the impact on people’s privacy. A key part of these assessments is to conduct a detailed risk assessment to help you identify and mitigate the risks involved.
Importantly, DPIAs are a statutory requirement where the processing you conduct is likely to lead to a ‘high risk’ to the rights and freedoms of your data subjects. This means that in certain circumstances, by law, you must conduct an assessment. It is also advised by the Information Commissioner’s Office that even where there may not be high risks present, it is still a good idea to complete one of these assessments. It is also a great way to demonstrate your organisation’s accountability in complying with the legislation, which in itself is one of the requirements.
StoneArch also recommend that your organisation have embedded procedures and policy in place to ensure that DPIAs are considered whenever you do anything new, or change the way you process, personal data. Please see our the ‘policy creation’ services.