
GDPR Data Protection Impact Assessment

Tagged with GDPR HELP, GDPR ADVICE, DPIA, GDPR
by Adam Brogden
in Blog

08-Jul-2019 11:56

If you use Legitimate Interest (LI) as your lawful basis, then you must be able to prove that this is a reasonable basis to use. LI is probably the most flexible basis but is also the most risky, since you may need to prove your use of LI is reasonable. That’s where a Data Protection Impact Assessment (DPIA) can help. DPIAs are complicated and require significant time and effort, but they will be invaluable if you need to prove that LI is reasonable and that you have considered the risks associated with your systems and processing.

DPIAs are an essential part of your GDPR obligations even where you use other lawful bases. Conducting a DPIA is a legal requirement for any type of processing, including certain specified types of processing that are likely to result in a high risk to the rights and freedoms of individuals. Under GDPR, failure to carry out a DPIA when required may leave you open to enforcement action, including a fine of up to €10 million, or 2% of global annual turnover if higher.

By considering the risks related to your intended processing before you begin, you also support compliance with another general obligation under GDPR: data protection by design and default.

Your DPIA can cover a single processing operation, or a group of similar processing operations. You may even be able to rely on an existing DPIA if it covered a similar processing operation with similar risks. For new technologies, you may be able to use a DPIA done by the product developer to inform your own DPIA on your implementation plans. You can use an effective DPIA throughout the development and implementation of a project or proposal, embedded into existing project management or other organisational processes.

For new projects, DPIAs are a vital part of data protection by design. They build in data protection compliance at an early stage, when there is most scope for influencing how the proposal is developed and implemented. However, it’s important to remember that DPIAs are also relevant if you are planning to make changes to an existing system. In this case you must ensure that you do the DPIA at a point when there is a realistic opportunity to influence those plans.

Optindigo gives you a useful DPIA template and we will of course help you through the process. Our advice is that if you are in any doubt you should complete a DPIA – this might sound like a lot of work but is definitely worth the effort.

Call/email/chat online any time.

Good luck all.