Many of our customers ask us where to begin with their GDPR compliance. It can seem overwhelming and time consuming, but the Information Commissioner has set out processes for us all to follow, and they start with the Data Protection Impact Assessment (DPIA). The way I like to describe it is that it is like your other risk assessments, whether Health & Safety or Financial: we all frequently run impact assessments according to the needs of our business, and this is another one.
A good place to start with your assessment is our GDPR checklist, which will give you an overview of what you are assessing.
A DPIA is a way for you to take a good look at your processing, including why, where and how you do it, and to help you identify and minimise data protection risks.
DPIAs should consider the risks to the rights and freedoms of individuals, including the potential for any significant social or economic disadvantage. The focus is on the potential for harm – to individuals or to society at large – whether it is physical, material or non-material.
The level of risk is gauged by the impact on individuals. A DPIA does not have to eradicate the risks altogether; its goal is to minimise risks and to assess whether or not the remaining risks are justified.
Although DPIAs are a legal requirement for processing data, they can also provide broader compliance, financial and reputational benefits, helping you demonstrate accountability to your customers. Even if there is no specific indication of likely high risk, it is good practice to do a DPIA for any use of personal data.
The DPIA should be an ongoing process and be regularly reviewed to ensure compliance. To help you with the process, please use our DPIA form.
If you have any questions drop me an email: Pauline Murphy, CEO firstname.lastname@example.org