What's a Data Privacy Impact Assessment (DPIA)? - Jaz'ing Up GDPR!
 Login | Forgot Password | My Account | Contact

What’s a Data Privacy Impact Assessment (DPIA)?

Linked to the idea of Privacy by Design, a DPIA gives the Data Controller a framework for identifying, assessing and reviewing privacy risks. Under the GDPR, your organisation is required to carry out a DPIA for any Processing activity that represents a “high risk” to the rights and freedoms of Data Subjects.

The Regulation makes specific reference to particular high risk activities, including the introduction of new technology into the organisation, the evaluation of data harvested through automated Processing and the Processing of sensitive data, such as medical records.

Beyond this, activities that, typically, demand a DPIA within an organisation might include:

  • a new product launch
  • a new mobile app for customers
  • a new IT system for staff to store and access customer account information
  • CCTV surveillance systems
  • evaluation of social media profiles to isolate customers within a particular demographic
  • a data-sharing initiative with another organisation
  • the introduction of staff-monitoring technology, such as internet usage tracking

The GDPR stipulates that a DPIA should:

  • include a description of the Processing activities and the its purposes
  • assess the necessity and proportionality of the Processing
  • assess the risks to the rights and freedoms of Data Subjects
  • set out the how an organisation plans to address those risks and ensure the GDPR compliance.

Where can I find out more information about {term}?

The Jaz'ing Up GDPR! book covers {term} in more detail in a fun and easy to understand way without all of the bureaucratic legalise that is common in all other books and discussions about the GDPR.

The book is full of cartoons and call outs to make it easier to grasp what GDPR is all about and is split into 3 main sections.

  • GDPR Nuts and Bolts explains everything you need to know about the GDPR and {term}.
  • Staff Toolbox that is designed for staff who work with personal data and need to get a grounding on the subject.
  • Your Rights as a Data Subject is written from the point of view of the individual person who is affected by the GDPR so that they know there rights and the types of things they will be asking for.

Find out more about the book here.

Was this answer helpful?
No 0
The information provided on this website is for educational purposes only and does not constitute legal advice. We recommend that you take the appropriate legal advice where you think it is needed.


Our website uses cookies. By continuing to use our site you are agreeing to our Cookie Policy. Please press the Accept button to allow our website to use cookies to provide you with the full features available.