Data Protection Impact Assessments (DPIAs)

Data Protection Impact Assessments (DPIAs)

Organisations that receive, hold or share personal data are legally required to adopt a privacy by design approach, which includes conducting regular Data Protection Impact Assessments (DPIAs).

 

What is a DPIA?

A DPIA is an evaluation of the origin, nature, particularity and severity of the risk to the rights and freedoms of natural persons before processing personally identifiable information (PII) and should include the measures, safeguards and mechanisms envisaged for mitigating the identified risks.

A DPIA can be established for specific business processes (established or new) and will need re-evaluating periodically to meet compliance requirements.

 

Why is a DPIA needed?

To reduce a project’s privacy risks.

DPIAs help to identify and address risks at an early stage by analysing the proposed uses of PII together with related technologies for use, to then check how the PII and technology will work together in practice to identify potential compliance risks and proposing methods for mitigating such risks to the point of compliance.

 

What do DPIAs require an organisation to do?

An organisation is required to document the following in a DPIA:

  • what kind of personal information will be collected in the project;
  • how it is collected, used, transmitted and stored;
  • how and why it can be shared; and
  • how it is protected from inappropriate disclosure at each step.

 

Osprey DPIA

Your starting point for data compliance and beyond…

If you are just starting your GDPR journey or you’ve already made a start but need to validate your approach, Osprey’s FREE* DPIA tool is the first step to gaining insights into how your organisation collects, stores, uses, transmits, shares and protects personal information.

Osprey DPIA is the smart data solution driven by AI & purpose-built to analyse unstructured data for valuable insights to help:

  • manage compliance
  • regulatory risk
  • develop strategies for cyber risk
  • manage intelligent migration projects
  • data cleanse

Osprey DPIA takes you through the assessment step-by-step. It allows you to invite multiple users from different departments, teams or projects to input, and includes save and edit functionality, as well as historical tracking & recurring DPIA.

 

Sign Up to Osprey at www.gravicus.com to access up to 5 FREE* DPIAs

*Subscription fees apply once user exceeds 5 free DPIAs.

 

GRAVICUS
Experts in simple, smart data management and compliance software