Data Protection Impact Assessments
A Data Protection Impact Assessment (DPIA) is a tool to determine whether a particular data processing operation is likely to have an impact on data subjects’ rights.
HewardMills’ approach under its Privacy Operations pillar comprises nine steps:
- Check whether there is a need for a DPIA
- Describe how and why the data is to be used (the nature, scope, context and purpose of the processing)
- Stakeholder consultation
- Assess whether the process is necessary and proportional
- Consider the potential impact on individuals and whether any harm or damage could be done
- Identify measures to mitigate the risks
- Record the outcomes and assess whether each risk has been eliminated, reduced or accepted; and if the relevant Supervisory Authority needs to be consulted
- Integrate the DPIA outcomes into a project plan
- Keep the DPIA under review
HewardMills helps its clients comply with a broad range of data protection regulations, including the GDPR, ePrivacy Directive, local legislation (for multijurisdictional organisations) and cybersecurity laws, as well as with legal and regulatory requirements arising from emerging technologies such as blockchain.
We are a multidisciplinary team of data protection practitioners, lawyers, corporate governance specialists and cybersecurity experts, with a wealth of knowledge delivering data protection excellence to your organisation.
If you would like to learn more about how HewardMills can help your organisation handle and process data safely, securely and responsibly in line with international regulations and policies, please get in touch via telephone (+44 20 3998 1840 or +353 1669 4642), or email firstname.lastname@example.org today.