Menu Close


GDPR DPIA? How to Conduct a Data Protection Impact Assessment

gdpr,uk,data protection,implementation

Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a business.

Under the GDPR You must do a DPIA for certain types of processing, or any other processing that is likely to result in a high risk to individuals. You can use our screening checklists to help you decide when to do a DPIA.

It is also good practice to do a DPIA for any other major project which requires the processing of personal data.

We can assist you and conduct a DPIA for you.

Your DPIA must:

  • describe the nature, scope, context and purposes of the processing; 
  • assess necessity, proportionality and compliance measures; 
  • identify and assess risks to individuals; and
  • identify any additional measures to mitigate those risks.

To assess the level of risk, you must consider both the likelihood and the severity of any impact on individuals. High risk could result from either a high probability of some harm, or a lower possibility of serious harm.
You should consult your data protection officer (if you have one) and, where appropriate, individuals and relevant experts like Compliance Consultant on 0203 813 7939. Any data processors you employ may also need to assist you.

Get Our Free GDPR Document

Recent Enquiry