Menu
Compliance Compendium
  • Back to Home
  • Blog
Compliance Compendium

Data Protection Impact Assessment and the GDPR

Posted on November 5, 2018January 7, 2019

The General Data Protection Regulation (GDPR) came into effect during May 2018.  The focus of the GDPR is on proper data handling and management.  But why involve risk management in the picture?  And why the need for assessments and all those things?

RISK MANAGEMENT

Risk Management broken down to the basics, is the identification of current and future risks or hazards that could affect your company or the projects it is working on.  The aim here is also to identify possible solutions or mitigating factors for these.

One of the requirements of the GDPR is that Data Protection Impact Assessments (DPIA) be conducted regularly.  So regularly in fact, that it has to be done before each and every big project.

WHAT IS A DPIA?

The ICO provides checklists and guidelines that can be used when conducting these assessments.  Companies are also allowed to draft their own templates based on the above for guidance.

The whole purpose behind the DPIA can be summarized as follows:

  • A detailed summary of the scope and purpose of the project – specifically detailing what, why and how data will be collected and for what reason and what it will be used for.
  • What will be the risks involved to the individual upon collection and utilization of their information?
  • Are there any methods in place to alleviate / prevent those risks?
  • Scaled, how high is the risk profile?

In cases of high risk projects, the ICO body of the UK needs to be informed for them to do a final evaluation and assessment on the DPIA.

One DPIA can also be used for a few inter-linking/ overlapping projects, or by multiple role players working on the same project.

A Data Protection Officer (DPO) is a valuable human resource tool for any company to have.  They know the GDPR off by heart and will be able to assist with the DPIA’s.

ToPublish-NotPublish

TO PUBLISH / NOT TO PUBLISH?

For high risk DIA’s, the DPIA also needs to be published.  But not all DPIA’s need to be published.  Some people advocate publishing more.  This will prove that your company is both compliant and transparent.  You don’t even need to publish everything, summarized versions are also acceptable.

ALL THE JARGON ASIDE…

“I just started my company and know the new legislation and regulations but am very unsure of how to do my first DPIA”.  A wonderful fountain of knowledge and advice for the everyman can be found at our company website on Compliance Compendium.  Our main aim and focus is to provide assistance to all sized companies and NGO’s, both in the UK and worldwide.

We have offices in the UK itself as well as in India and come with a very competent staff complement. Our services and products are affordable, focusing rather on regulation and compliance assistance and training rather than making a quick buck.  Find us at ComplianceCompendium

IN CONCLUSION

All these new laws and regulations can feel like an unclimbable mountain if you take a first glance at it.  But the golden thread running through them all is the protection of the data of the individual citizen by companies within the UK as well as those doing business with citizens of the UK.

If you follow the regulations and work on the advice of Compliance Compendium, your company will be open and transparent to the public.  Your company will also portray the fact that it has the best interests and safety of the individual in mind through everything.

I hope this article has been useful.  Please feel free to leave any comments or suggestions for future improvements.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

©2026 Compliance Compendium | Powered by SuperbThemes & WordPress