Data Protection Impact Assessment (DPIA)

A Data Protection Impact Assessment is the process of systematically considering the potential impact that a project or initiative might have on the privacy of individuals. It will allow practices to identify potential privacy issues before they arise and come up with a way to mitigate them.

Action now

As an organisation consider when you might need to do a DPIA. Examples of this are new or current marketing initiatives or relocating the reception desk into another room.

For these and any other organisation initiatives you may have planned, or you plan in the future you should ‘systematically consider the potential impact’ these could have on your customers or team members and consider how you could mitigate any potential privacy issues.

Record your systematic considerations and what measures you plan to put in place to mitigate any risks to privacy.

Data Protection by design and default

It has always been an implicit requirement and therefore good practice and to adopt ‘privacy by design’ as a default approach.

GDPR now enshrines ‘privacy by design’ and ‘privacy by default’ in law. That means all privacy settings must be automatically privacy friendly.