What is a data protection impact assessment?
A data protection impact assessment (DPIA) is part of your accountability requirements under the UK GDPR.
It's a process that helps you:
- Identify and reduce the risks of data processing
- Decide if the level of risk is acceptable
- Comply with accountability obligations under the UK GDPR
- Demonstrate how you comply with all of your data protection requirements
Even if you outsource your DPIA, e.g. to a relevant data processor, you remain responsible for it.
The Information Commissioner's Office (ICO) recommends that you provide staff training on DPIAs. Not every staff member will need to know about them, but make sure that anyone responsible for making decisions on data processing knows when to conduct a DPIA and how to do it.
When do we need a DPIA?
There