Data Protection Impact Assessments (DPIA)

Under the new GDPR regulations,  data controllers must ensure that Data Protection Impact Assessments are completed on any data processing operations that result in a high risk to data subjects.  As an example, processing of information that profile individuals, processing of sensitive data, data including criminal convictions, CCTV or information on vulnerable data subject could require a DPIA.

The purpose of the DPIA is to identify potential risks to the rights and freedoms of individuals before the processing of personal data begins and before the risk materialises. By mitigating the risk up front, damage can be avoided and costs minimised.

Symmetry can consult with controllers and your organisation’s data protection officer to offer advice on whether your business processing activities require a DPIA. Our approach includes the steps:

• Identify if a DPIA is needed
• Determine that the processing is necessary and proportionate
• Identify the risks associated with the processing
• Identify solutions/mitigations to the risks
• Document the findings
• Enter results into the proposal
• Implementation

A DPIA will be completed on each data processing operation that requires an assessment and we will provide a report.

Our data privacy impact assessment reports include:

• A systematic description of the envisaged processing operations
• An assessment of the necessity and proportionality of the processing operations in relation to the purposes
• An assessment of the risks to the rights and freedoms of data subjects
• The measures envisaged to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with this regulation, taking into account, the rights and legitimate interests of data subjects and other persons concerned.

Benefits of Data Protection Impact Assessment

• Minimizing risks
• Preventing unlawful processing
• Implementing privacy by design and by default
• Avoid fines:  subject to a fine up to 10 million Euros or up to 2% of the total worldwide turnover of the preceding year
• Avoid loss of reputation and customer trust

Unsure if you require a DPIA? Get in touch below and a certified member of staff will help your  with your requirements.