Data Protection Impact Assessments

Data Protection Impact Assessments identify the level of risk that your processing activities pose to data subjects. They are vital for capturing a true baseline of risk to the business.

Service Description

Article 35 of the GDPR introduces the concept of a Data Protection Impact Assessment (DPIA).
The DPIA process requires the business to describe the processing it is assessing, to determine its necessity and proportionality, and to identify, understand and manage the risks. These are not the risks to the business, but the risks to the rights and freedoms of the people whose data is being processed. In this way, the risk assessment differs from those in other parts of the business.

The DPIA is an important method to instil and demonstrate accountability: it helps controllers comply with the requirements of the GDPR and demonstrate, via the documented DPIA, that appropriate measures have been taken.
You are required to carry out a Data Protection Impact Assessment (DPIA) under certain conditions, and it is considered good practice to do so in any case. One advantage of integrating DPIAs into standard operating procedure is the level of information and important record keeping that is generated as a natural outcome of the process.

UKGDPR creates a custom workflow procedure with OneTrust software that integrates the required roles and streamlines the entire process. Your subject matter experts can complete their section and hand over to legal, who then hand on to IT, and so on. Risks in the processing activity are flagged and put into a register to manage. Alternatively, for smaller companies, we can set up a workflow using simple Excel spreadsheets.

How We Can Help

Conducting a DPIA is time-consuming and requires bringing together several departments. Legal departments need to confirm that the relevant contract addendums are in place for third parties, IT contributes information about systems and data flows, the CISO will have risk assessment work to do, and the project owners themselves must provide detailed information about the nature of the processing.


Track your progress across all your projects and never let a late project go unnoticed again.

Got Questions?

Contact us and let us know how we can help you.

We're a group of privacy and security consultants, including experienced GDPR practitioners and Data Protection Officers. We look forward to helping you align your company goals with appropriate and adequate organisational and technical measures.

Copyright 2018 UKGDPR Limited, a company registered in England, company number: 11002759