GOSS Data Protection Impact Assessment
Get your organisational data processes right from the very start.
Creating best practice from the outset, this consultancy ensures your organisation's processes and projects are GDPR compliant from the very beginning. Helping you avoid the mess of retrospective action.
What is a DPIA?
Data Protection Impact Assessments (also known as privacy impact assessments or PIAs) are a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals' expectations of privacy. An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.
Why do I need a DPIA?
DPIAs also support the accountability principle, as they help organisations comply with the requirements of GDPR and demonstrate that appropriate measures have been taken to ensure compliance. So if your organisation is looking to demonstrate that it is taking measures to ensure GDPR compliance, then the GOSS DPIA consultancy may be what you are looking for. Failure to adequately conduct a DPIA where appropriate is a breach of the GDPR and could lead to fines of up to 2% of an organisation's annual global turnover or €10 million - whichever is greater.
When should a DPIA be conducted?
You must carry out a DPIA when:
- using new technologies, and...
- the processing is likely to result in a high risk to the rights and freedoms of individuals.
Processing that is likely to result in a high risk includes (but is not limited to):
- systematic and extensive processing activities, including profiling and where decisions that have legal effects - or similarly significant effects - on individuals.
- large scale processing of special categories of data or personal data relation to criminal convictions or offences.
This includes processing a considerable amount of personal data at regional, national or supranational level; that affects a large number of individuals; and involves a high risk to rights and freedoms eg based on the sensitivity of the processing activity.
- large scale, systematic monitoring of public areas (CCTV).