A Data Protection Impact Assessment (DPIA) is a report designed to limit the threats to an individual’s right in high-risk processing situations. It’s a complicated undertaking, so it’s helpful to avoid if it’s not actually necessary. However, as you might imagine, this broad definition has led to some controversy over which situations merit one. (If you’re in … ContinuedRead More
Under the GDPR each supervisory authority has to prepare and submit to the European Data Protection Board (EDPB) a list of processing operations that require organisations to conduct Data Privacy Impact Assessments (DPIA).Read More
If you’re in any doubt about whether the processing of personal data you do is within the parameters of the General Data Protection Regulation (GDPR) then you should carry out a DPIA because the penalty for not doing so – when it’s appropriate to – is a €10-million fine, or 2% of annual global turnover, whichever is greater.Read More
A Data Protection Impact Assessment is a process for building and demonstrating compliance with the GDPR.
It’s a process that an organisation can use to systematically describe its data processing purpose and operation, assess whether its processing is likely to result in risk for the data subjects concerned, and determine measures for addressing these risks.Read More