DPIA – Data Protection Impact Assessment
A Data Protection Impact Assessment (DPIA) has been recommended by the Information Commissioner’s Office (ICO) for a number of years. Now that the General Data Protection Regulation (GDPR) is in force, a DPIA is not just best practice; it is mandatory in certain circumstances. The introduction of any new IT system or business process that poses a high risk to data subjects first requires a DPIA.
The complex nature of the GDPR is driving businesses to review their processes, and the result is significant business change. FileOM leverages GDPR expertise together with technology and change management experience. We help businesses manage DPIA change effectively while ensuring Privacy by Design and Default becomes the “new normal”.
GDPR-led transformation projects can involve rethinking or completely redesigning business processes, so our methodology is flexible and scalable. We perform an unbiased examination of your current organisational structure, processes and systems, then make recommendations or re-engineer business processes, all in line with the GDPR.
Data Protection Impact Assessment:
- DPIA is for projects that process personal data
- We help identify and minimise the data protection risks of these projects
- Assess the level of risk and impact on individuals
- Define the nature, scope, context and purposes of the processing
- Include how best to consult individuals (or their representatives) and other relevant stakeholders
- Define a policy to engage the data protection officer
- Ensure that processing is necessary for and proportionate to the purpose
- We help identify measures to eliminate or reduce high risks
- We identify measures we can put in place to eliminate or reduce high risks
- A record is kept of the outcome from the DPIA
Visit our GDPR Compliance Packages page for help with compliance.