A new requirement under GDPR is the process of conducting Data Processing Impact Assessments (DPIAs) for any new high risk processing projects.
A DPIA is the process of systematically considering the potential impact that a project or initiative might have on the privacy of individuals. It will allow organisations to identify potential privacy issues before they arise, and come up with a way to mitigate them. A DPIA can involve discussions with relevant parties/stakeholders. Ultimately such an assessment may prove invaluable in determining the viability of future projects and initiatives. The GDPR introduces mandatory DPIAs for those organisations involved in high-risk processing; for example, where a new technology is being deployed, where a profiling operation is likely to significantly affect individuals, or where there is large scale monitoring of a publicly accessible area.
You can find detailed guidance on DPIAs here.
As part of Convert’s GDPR Project, Convert developed guidance for staff and a template to be used to carry out DPIAs. You can find the template with the pre-filled screening questions here.
For further information, please contact support@convert.com.