GDPR Data Protection & Privacy Impact Assessments (DPIA)
If you store or process personal data and therefore fall under the requirements of GDPR, then your first step is going to be to carry out an Impact Assessment. If you’re not sure if you fall under the requirements, complete our free online threshold assessment to find out.
The purpose of an Impact Assessment process is to identify (amongst many other things) the categories of data you store (i.e. personal, sensitive or high-risk), where it is stored (is it within or outside of your organisation) and how it is secured (who has access to it, is it encrypted or anonymised in any way). This will then indicate which of the aspects of GDPR you are required to comply with, as well as provide the foundation of your accountability and record keeping requirements implied by the regulation.
Impact Assessments vary greatly in complexity, dependent mainly on the size of your organisation and the extent, location, visibility and ease of access to the personal data you store. However, Impact Assessments are an essential tool in your GDPR compliance journey, as they will enable you to identify the necessary next steps, the remedial actions required and the likely budget you’re going to need to address them.
The DPO Centre can guide you through the Impact Assessment process. We provide the expert data protection and GDPR knowledge you need and the experience of carrying out Assessments within a broad range of organisations and data landscapes. We have developed the tools, processes and documentation necessary to significantly reduce the resource overhead required to complete the process and ensure that the findings and recommendations are the most accurate and appropriate.
To discuss how we can support and streamline your GDPR compliance journey, contact one of our data protections experts for further advice.