A Data Protection Impact Assessment (DPIA) is a detailed risk assessment designed to identify risks arising out of the processing of personal data and to minimise these risks as far as possible.
It is used to identify any risks emerging from a new process or where processing is likely to cause a high risk to individuals – for example – a large number of CCTV cameras in operation or the use of Biometric Clock in system. It is necessary under law to carry out a DPIA before undertaking any new processing that could result in a high risk to individuals.
The Data Controller is responsible for ensuring the DPIA is carried out. It may be completed by someone else, internally within the organisation or externally, but the Data Controller is ultimately accountable.
The DPIA should be driven by people with appropriate expertise and knowledge of the project in question, normally the project team. If your organisation does not possess sufficient expertise and experience internally, or if a particular project is likely to hold a very high level of risk or affect a very large number of people, you may consider bringing in external specialists to consult on or to carry out the DPIA.
Let our team bring their expertise and knowledge in producing concise and thorough Data Protection Impact Assessment (DPIA).