Data Protection Impact Assessments
A Data Protection Impact Assessment (DPIA) identifies potential vulnerabilities in an organisation’s systems and processes that could have an impact on their ability to handle and process data in accordance with data protection principles and result in risks to data subjects.
HewardMills’ approach to this as part of its Privacy Operations model comprises nine steps:
- Check whether there is a need for a DPIA
- Describe how and why the data is to be used; the nature, scope, context and purpose of the processing
- Stakeholder consultation
- Assess whether the process is necessary and proportional
- Consider the potential impact on individuals and whether any harm or damage could be done
- Identify measures to mitigate the risks
- Record the outcomes and assess whether each risk has been eliminated, reduced or accepted; and if the relevant Supervisory Authority needs to be consulted
- Integrate the DPIA outcomes into a project plan
- Keep the DPIA under review
HewardMills helps its clients to comply with data protection regulations, including: GDPR, ePrivacy laws, local laws (for multi-jurisdictional organisations), cybersecurity requirements, as well as legal and regulatory requirements arising from emerging technologies such as blockchain.
We are a multi-disciplinary team of data protection practitioners, lawyers, corporate governance and cyber security experts, with a wealth of knowledge delivering data protection excellence and trust to you and your organisation.
If you would like to learn more about how HewardMills helps organisations handle and process data safely, securely and responsibly in line with international policies and regulations, please get in touch via telephone (+44 (0) 20 3367 1245 or +353 (0) 1669 4642), or email firstname.lastname@example.org today.