Data Protection Impact Assessment

Data protection impact assessments (DPIAs) help organisations identify, assess and mitigate or minimise the privacy risks associated with data processing activities. They’re particularly relevant when a new data processing process, system or technology is being introduced.

DPIAs also support the accountability principle, as they help organisations comply with the requirements of the General Data Protection Regulation (GDPR) and demonstrate that appropriate measures have been taken to ensure compliance.

Failure to adequately conduct a DPIA where appropriate is a breach of the GDPR and could lead to fines of up to 2% of an organisation’s annual global turnover or €10 million – whichever is greater.

When should a DPIA be conducted?

A DPIA should be conducted as early as possible within any new project lifecycle, so that its findings and recommendations can be incorporated into the design of the processing operation.

Known as Privacy by Design, the embedding of data privacy features into the design of projects can have the following benefits:

  • Potential problems are identified at an early stage.
  • Addressing problems early will often be simpler and less costly.
  • Increased awareness of privacy and data protection across the organisation.
  • Organisations will be less likely to breach the GDPR.
  • Actions are less likely to be privacy intrusive and have a negative impact on individuals.

Key elements of a successful DPIA

The GDPR does not specify which DPIA process must be followed, but instead allows organisations to introduce a framework that complements their existing working practices.

The document “Conducting privacy impact assessments code of practice”, from the Information Commissioner’s Office (ICO), is an example of such a framework. Privacy Impact Assessments (PIAs) are an integral part of taking a Privacy by Design approach.

A DPIA will typically consist of the following key steps:

  1. Identify the need for a DPIA.
  2. Describe the information flow.
  3. Identify data protection and related risks.
  4. Identify data protection solutions to reduce or eliminate the risks.
  5. Sign off the outcomes of the DPIA.
  6. Integrate data protection solutions into the project.

Privacy Impact Assessments (PIAs) are a tool that you can use to identify and reduce the privacy risks of your projects. A PIA can reduce the risks of harm to individuals through the misuse of their personal information. It can also help you to design more efficient and effective processes for handling personal data.

You can integrate the core principles of the PIA process with your existing project and risk management policies. This will reduce the resources necessary to conduct the assessment and spread awareness of privacy throughout your organisation.

What is “privacy by design”?

Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. Unfortunately, these issues are often retro-fitted as an after-thought or ignored altogether.

Although this approach is not a requirement of the GDPR Data Protection Act, it will help organisations comply with their obligations under the legislation.

It is therefore in your best interests to ensure that privacy and data protection are key considerations in the early stages of any project, and then throughout its life-cycle, for example when:

  • building new IT systems for storing or accessing personal data;
  • developing legislation, policy or strategies that have privacy implications;
  • embarking on a data sharing initiative; or
  • using data for new purposes.

Benefits of taking a “privacy by design” approach

Through the use of a “privacy by design” approach, you are employing an essential tool that minimises privacy risks and builds trust. Designing projects, processes, products or systems with privacy in mind at the outset can lead to benefits which include:

  • Potential problems are identified at an early stage, when addressing them will often be simpler and less costly.
  • Increased awareness of privacy and data protection across an organisation.
  • Organisations are more likely to meet their legal obligations and less likely to breach the Data Protection Act.
  • Actions are less likely to be privacy intrusive and have a negative impact on individuals.

Who should be involved in conducting a DPIA?

As an organisation that is capturing and storing sensitive information, you are responsible for ensuring that a DPIA is carried out.

The DPIA should be driven by people with appropriate expertise and knowledge of the project in question, normally the project team. If your organisation does not possess sufficient expertise and experience internally, you may consider bringing in external specialists to consult on or to carry out the DPIA.

Under the GDPR it is necessary for any organisation with a designated data protection officer (DPO) to seek the appropriate advice. This advice and the decisions taken should be documented as a part of the DPIA process.

At Acambah we employ Privacy by Design within our standard project implementation methodology and allow you to benefit from a full DPIA during the initial implementation cycle of your project. We can connect you with the appropriate people to assist you in executing a DPIA and recording the required information.

Total Cost of Ownership

Our unique deployment model allows you to significantly reduce the costs of running your Intelligent Information Management solution. Simply by moving your processing to the cloud, you are able to reduce the costs of on-site hardware, day-to-day maintenance of the system, training, software upgrades, patches, power consumption and overall support.

Return On Investment

Our cloud solution provides a secure and flexible platform that gives you a significant competitive edge. It also helps cash flow by eliminating the need for capital investment. Environments can be rapidly deployed on demand, enabling you to realise the benefits across your whole Intelligent Information Management implementation cycle with the minimum of delay.
