Data Protection Impact Assessments

Data Protection Impact Assessments

A Data Protection Impact Assessment (DPIA) is a tool to determine whether a particular data processing operation is likely to have an impact on data subjects’ rights.

HewardMills’ approach under its Privacy Operations pillar comprises nine steps:

  1. Check whether there is a need for a DPIA
  2. Describe how and why the data is to be used (the nature, scope, context and purpose of the processing)
  3. Stakeholder consultation
  4. Assess whether the process is necessary and proportional
  5. Consider the potential impact on individuals and whether any harm or damage could be done
  6. Identify measures to mitigate the risks
  7. Record the outcomes and assess whether each risk has been eliminated, reduced or accepted; and if the relevant Supervisory Authority needs to be consulted
  8. Integrate the DPIA outcomes into a project plan
  9. Keep the DPIA under review

HewardMills helps its clients comply with a broad range of data protection regulations, including the GDPR, ePrivacy Directive, local legislation (for multijurisdictional organisations) and cybersecurity laws, as well as with legal and regulatory requirements arising from emerging technologies such as blockchain.

We are a multidisciplinary team of data protection practitioners, lawyers, corporate governance specialists and cybersecurity experts, with a wealth of knowledge delivering data protection excellence to your organisation.

If you would like to learn more about how HewardMills can help your organisation handle and process data safely, securely and responsibly in line with international regulations and policies, please get in touch via telephone (+44 20 3998 1840 or +353 1669 4642), or email dpo@hewardmills.com today.

Data Protection Impact Assessments

A Data Protection Impact Assessment (DPIA) is a tool to determine whether a particular data processing operation is likely to have an impact on data subjects’ rights.

HewardMills’ approach under its Privacy Operations pillar comprises nine steps:

  1. Check whether there is a need for a DPIA
  2. Describe how and why the data is to be used (the nature, scope, context and purpose of the processing)
  3. Stakeholder consultation
  4. Assess whether the process is necessary and proportional
  5. Consider the potential impact on individuals and whether any harm or damage could be done
  6. Identify measures to mitigate the risks
  7. Record the outcomes and assess whether each risk has been eliminated, reduced or accepted; and if the relevant Supervisory Authority needs to be consulted
  8. Integrate the DPIA outcomes into a project plan
  9. Keep the DPIA under review

HewardMills helps its clients to comply with data protection regulations, including: the GDPR, ePrivacy Directive, local laws (for multijurisdictional organisations), cybersecurity laws, as well as legal and regulatory requirements arising from emerging technologies such as blockchain.

We are a multidisciplinary team of data protection practitioners, lawyers, corporate governance and cybersecurity experts, with a wealth of knowledge delivering data protection excellence and trust to your organisation.

If you would like to learn more about how HewardMills helps organisations handle and process data safely, securely and responsibly in line with international policies and regulations, please get in touch via telephone (+44 20 3367 1245 or +353 1669 4642) or email dpo@hewardmills.com today.

Let’s work together

Contact us

Let’s work together

Contact us