GUIDANCE – DATA PROTECTION IMPACT ASSESSMENT (DPIA)
A Data Protection Impact Assessment (DPIA) is a documenting process designed to describe the processing of data, assess the necessity and proportionality of that processing, and help manage the risks to the rights and freedoms of individuals. DPIAs are mandatory in some cases.
Conducting a DPIA will improve awareness in the Company of the data protection risks associated with a project. There is also a financial benefit in undertaking a DPIA: identifying a problem early could be cheaper than trying to fix the problem later.
DPIAs are also an important tool for accountability, as they help the Company demonstrate that appropriate measures have been taken to ensure compliance with the GDPR. Similarly, for new projects, DPIAs are a vital part of data protection by design.
- Content of a DPIA
- When is a DPIA mandatory
- When is a DPIA not required
- Who should carry out a DPIA
- When should a DPIA be carried out
- Identifying the data protection risks
- Possible solutions