A Data Protection Impact Assessment (DPIA) is a procedure provided for in Article 35 of the GDPR. It consists of identifying and describing all processes involving personal data within a company. A DPIA is conducted to assess the data protection risks, to find the most vulnerable points in the security system and, most importantly, to develop procedures intended to prevent data breaches.
Results of the DPIA are summarised in a table that describes:
Conducting a DPIA is necessary in two cases: either immediately before the start of the collection and processing of personal data, or in the event of significant changes in the company's already investigated processes. For example, if you launch a new product, you must conduct a DPIA to assess the risks associated with the processing of personal data. Alternatively, the assessment is necessary when the processing environment changes (new hardware, software, processing rules are introduced), or when new categories of data are added to an already well-established process.
It is also necessary to carry out an assessment in the following situations:
1. Converting paper records and documents into electronic documents.
2. Combining multiple databases into one.
3. Incorporating personal data obtained from commercial sources into the company's existing database.
4. Making changes to the business process that leads to the collection and use of personal data.
5. Implementing projects using third-party suppliers.
6. Changes in personal data due to the addition of new types of information.
7. Adding new features to an existing product or service.
The regulation does not set out a clear frequency for conducting a DPIA, since its frequency depends directly on the company's activities. The intention behind the regulation is that every time you start a new project involving personal data, you must conduct a DPIA.
Interviewing employees, analyzing documents, searching for and detailing business processes that pose risks to users’ privacy is a long and tedious process that requires attention to detail.
We suggest that you don't waste time working out where the shoe pinches on your own, but instead seek help from certified data protection specialists who have conducted dozens of Data Protection Impact Assessments and know all the ins and outs of the procedure.
Step 1. Identification of the context, value, and scope of processing.
Step 2. Identification and analysis of the mechanisms that allow data subjects to exercise their rights.
Step 3. Analysis of the data protection mechanisms implemented.
Step 4. Identification of the at-risk actors involved in the processing, sources of threats, and potential breaches of privacy.
Step 5. Evaluation of the likelihood of risk and severity of consequences for data subjects.
Step 6. Selection of tactics to minimize the risk, development of the action plan, time frames, and people responsible for data security.
✓ Compliance with Article 35 of the Regulation in case of inspection by the Supervisory authority.
✓ A table describing the movement of all personal data in the company to further work towards compliance.
✓ A summary of the DPIA conducted to demonstrate your company's compliance with the GDPR to customers and partners.
Our consultants have developed several DPIA checklists to comply with the GDPR:
3. We always carry out a DPIA if we plan to:
Fill out the form and you will:
✓ Be able to ask questions in the field of personal data protection.
✓ Find out if this product is suitable for your company or project.
✓ Get directions on cost, duration, and other details.
We will be happy to talk and schedule an online meeting with a privacy expert!
P.S. Does it seem that none of the services listed on the site is suitable for you?
Describe your situation in the "Comment" field. We are very flexible and always offer customized solutions.