Data protection impact assessments

Achieve data protection by design

Organisations need to assess any personal data processing that might result in high risk to individuals. Even if you don’t need to undergo a full DPIA, you have to document the screening questionnaire that leads you to that conclusion. Our approach ensures you record your processing details and document the risks and mitigation activities you’ve put in place.

What is a DPIA?

A data protection impact assessment is a process to systematically identify and reduce the risks related to personal data processing. The DPIA documentation is a blueprint that can be used by the organisation to implement data protection by design on those processing activities.

Article 35 of the GDPR

Article 35 of the GDPR requires that you undertake a Data Protection Impact Assessment (DPIA) for all high risk processing. A DPIA is a means of documenting the measures you’ve put in place to achieve compliance. You should have completed the DPIA prior to undertaking the processing.