Category: DPIA

DPIA: 5 Situations Where May (or May Not) Need One

A Data Protection Impact Assessment (DPIA) is a report designed to limit the threats to an individual’s right in high-risk processing situations. It’s a complicated undertaking, so it’s helpful to avoid if it’s not actually necessary. However, as you might imagine, this broad definition has led to some controversy over which situations merit one. (If you’re in … Continued

Read More

When a DPIA is necessary – the Irish perspective

Under the GDPR each supervisory authority has to prepare and submit to the European Data Protection Board (EDPB) a list of processing operations that require organisations to conduct Data Privacy Impact Assessments (DPIA).

Read More

Using Data Protection Impact Assessments to assess risky processing activities

If you’re in any doubt about whether the processing of personal data you do is within the parameters of the General Data Protection Regulation (GDPR) then you should carry out a DPIA because the penalty for not doing so – when it’s appropriate to – is a €10-million fine, or 2% of annual global turnover, whichever is greater.

Read More

Finalised GDPR Data Protection Impact Assessment (DPIA) guidelines released by WP29

A Data Protection Impact Assessment is a process for building and demonstrating compliance with the GDPR.

It’s a process that an organisation can use to systematically describe its data processing purpose and operation, assess whether its processing is likely to result in risk for the data subjects concerned, and determine measures for addressing these risks.

Read More