Managing Risk through Data Protection Impact Assessments
The Data Protection Act of 2021 requires that, prior to the processing of personal data, a Controller carries out an assessment of the impact of the envisaged processing operations on the protection of personal data, in a case where a type of processing uses new technologies which is likely to result in a high risk to the rights and freedoms of an individual, taking into account the nature, scope, context and purposes of the processing. This is a mandatory requirement, and every organisation that, at one time or the other, envisages introducing new technology to support their business processes that inevitably also involve processing of personal data, is expected to undertake this assessment.
The primary result of this assessment is the Data Protection Impact Assessment (DPIA) Report. It looks at various risk factors to the rights and freedoms of data subjects that are likely to associate with implementing such a technology and provides for mitigation factors to reduce the impact of such risks.
At Silham Consulting and Training Services, we provide various consultancy works in data protection and privacy practice, including advisory services on Data Protection Impact Assessments. Based on the tools we have developed and our expertise in understanding the requirements of the Act, we advise on the necessity for a DPIA and lead in the process of carrying out the DPIA where it has been established necessary for compliance.