A new requirement under GDPR, is the process of conducting Data Processing Impact Assessments (DPIAs) for any new high risk processing projects.
A DPIA is the process of systematically considering the potential impact that a project or initiative might have on the privacy of individuals. It will allow organisations to identify potential privacy issues before they arise, and come up with a way to mitigate them. A DPIA can involve discussions with relevant parties/stakeholders. Ultimately such an assessment may prove invaluable in determining the viability of future projects and initiatives. The GDPR introduces mandatory DPIAs for those organisations involved in high-risk processing; for example, where a new technology is being deployed, where a profiling operation is likely to significantly affect individuals, or where there is large scale monitoring of a publicly accessible area.
You can find detailed guidance on DPIAs here.
What is Convert doing about DPIAs?
As part of Convert’s GDPR Project, Convert developed guidance for staff and a template to be used to carry out DPIAs. You can find the template with the screening question filled in attached in this article.
For further information, please contact firstname.lastname@example.org.