Data protection impact assessment
Unlock This Video Now for FREE
This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.
A Data Protection Impact Assessment or DPIA is a process designed to help you to identify and minimise the data protection risks of a project.
Organisations should do a DPIA for processing that is likely to result in a high risk to individuals. This includes some specified types of processing that include systematic and extensive profiling or automated decision-making to make significant decisions about people, or where processing special category or criminal offence data on a large scale and where new technologies are being used.
There are many other instances where a data protection impact assessment would be a requirement, for example, if you are processing in any way that uses biometric data, or in a way that combines, compares or matches data from various sources or where automated decisions are being made, then you should check the ICO website for more information.
A privacy by design and data minimisation approach has always been an implicit requirement of the data protection principles, however, the GDPR now makes this an express legal requirement.