Data Protection Impact Assessment

What is this?

A Data Protection Impact Assessment, or DPIA, is a technique for ensuring that privacy considerations are built into new activities – for example the introduction of a Customer Relationship Management system – before any substantive work begins.

Why do I need it?

For some ‘high risk’ activities, such as profiling or using data that requires additional protection because of its sensitivity, DPIAs must be carried out. For lower risk projects they’re not mandatory but are good practice and can help you avoid costs or other nasty surprises once your system is operational. As with most things relating to privacy and data protection, the use of DPIAs will also help you provide reassurance – to you and to others – that you’re doing things in the right way

What’s the process?

We will lead and support you through each step of completing a DPIA:

  • Describing the nature, scope, context and purposes of data processing;
  • Assessing the need for your system, how proportionate it is to what you want to achieve and the data protection requirements you’ll need to comply with;
  • identifying and assessing the impact that your work with have on the people whose information you’re handling;
  • identifying any and all the things that you’ll need to do to reduce any adverse effect.
What do I do next?

Talk to us by using the red ‘Book Online Consultation’ button.