Data Protection Impact Assessments

The Problem

Data Protection Impact Assessments (DPIAs) have been part of good practice for a number of years. The GDPR now imposes them as a requirement for certain activities, and they form an important part of your accountability obligations. Whether you have been using Privacy Impact Assessments for many years or are new to them, the GDPR has specific requirements covering the content of a DPIA, the need to identify risks to individuals' rights and freedoms, and consultation with the ICO in certain circumstances.

Is a DPIA needed?

You need to be able to demonstrate that you have appropriate processes in place to identify when a DPIA is required. This needs an understanding of what the GDPR says, but also knowledge of how to apply its requirements to your organisation. That includes, for example, the 'blacklists' maintained by supervisory authorities such as the ICO, which set out scenarios in which a DPIA is required in addition to those explicitly stated in the GDPR.

How to conduct one

Once you've identified the need to carry out a DPIA, you need to ensure that it covers all the areas required, that it is appropriately documented, and that you can evidence that its outcomes have been integrated into your final process. There are templates available online, including one from the ICO, but as with all templates, you need to ensure the one you use is appropriately tailored to the activity in question and used correctly.

Assessing Risks

The overarching aim of a DPIA is to demonstrate you have considered the risks to the rights and freedoms of individuals that your use of their data poses. Operational and project teams need the support of a 'critical friend' who understands the context of the work they do but has the privacy expertise to be able to independently consider the impact and risks while offering appropriate solutions to help mitigate those risks. This independent review is normally offered by a DPO under the GDPR, but what if you do not have one?

Our Solution

Our Privacy Impact Assessment managed privacy service provides you with direct access to skilled and experienced resource to help with your Data Protection Impact Assessments.

Your Fidabona PIA support team will inform and advise your management and staff about their obligations under data protection laws and help manage the process, evaluation of risks and mitigation including areas such as:
- Whether a DPIA is required
- Creation of a DPIA plan
- Stakeholder selection & consultation
- DPIA format selection
- Assessment of Necessity
- Assessment of Proportionality
- Recording the Nature of processing 
- Recording the Scope of processing
- Recording the Context of processing
- Privacy by Design & Default measures
- Identifying & mitigating risks
- Consultation with the ICO if required

We also have a unique proposition aimed at Data Processors such as SaaS providers. It helps them incorporate risk assessments and DPIAs into their client onboarding and change management processes, in order to demonstrate compliance with their obligations under the GDPR to assist Data Controllers in carrying out DPIAs as well as to "immediately inform the controller if, in its opinion, an instruction infringes [the GDPR]".

How it works

Our service is flexible, allowing you to choose just how involved we are in your Data Protection Impact Assessment process. We can provide specialist Business Analyst resource to liaise with your internal teams and gather all the required information, or you can opt to have us provide advice only, such as whether a DPIA is required, together with a written risk report and recommendations based on information you gather. No 'one size fits all' approach and no tickboxes required. We help you implement an approach which really adds value to your process and product development.

- 24/7/365 telephone line answered in your company name
- Direct access to skilled personnel
- Time spent and fixed cost options
- Independent review and assessment of your DPIA

Test us out for free

Have a DPIA query you would like answered? Book a free 30-minute online meeting with one of our qualified staff, or submit a ticketed query about a DPIA you are currently dealing with.