1. Data Protection Impact Assessments
Privacy Impact Assessments (PIA’s) or Data Protection Impact Assessments
(DPIA’s as they are called under GDPR)
DPIAs are the starting blocks to building a privacy by design approach, with transparency and accountability, as required under GDPR regulations, they are also mandatory in certain circumstances. A DPIA will allow organisations to find and fix problems at the early stages of any project, reducing the associated costs and damage to reputation that might otherwise accompany a breach of data protection regulations. Such projects could include a new business acquisition, a new service, or even a new marketing campaign targeting a group of prospects. Privacy impact assessments also help to meet the growing privacy and data security expectations of customers, employees and other stakeholders.
Data Protection Impact Assessments screening questions
The questions below will help your organisation decide whether a DPIA is necessary. Answering ‘yes’ to any of these questions is an indication that a DPIA is a good idea to ensure your compliance with GDPR.
- Will the project involve the collection of new information about individuals?
- Will the project compel individuals to provide information about themselves?
- Will information about individuals be disclosed to organisations or people who have not previously had routine access to the information?
- Are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used?
- Does the project involve you using new technology which might be perceived as being privacy intrusive? For example, the use of biometrics or facial recognition.
- Will the project result in you making decisions or taking action against individuals in ways which can have a significant impact on them?
- Is the information about individuals of a kind particularly likely to raise privacy concerns or expectations? For example, health records, criminal records or other information that people would consider to be particularly private.
- Will the project require you to contact individuals in ways which they may find intrusive?
We can carry out a PIA on your behalf or assist you to carry it out.