We work with organisations to conduct Data Protection Impact Assessments (DPIAs). These must be completed when using new technologies and where processing is likely to result in high risk to individuals – for example, profiling or the use of health data on a large scale.
Personally identifiable information
A DPIA involves a risk assessment of the proposed processing of personal data. If an organisation's processing of personal data is likely to result in a high risk to the individual data subject’s rights, it will be required by law to carry out a DPIA prior to commencing that processing.
Frontier Privacy guides clients on how to develop internal processes to ensure DPIAs are carried out when necessary and reviewed when risks change. These assessments will provide an evaluation of the proposed processing, identification of the risks and an outline of the measures being taken to mitigate those risks.
Also, whether an organisation acts as a data controller or a data processor, it may be necessary to consult the relevant Data Protection Authority before the start of processing, namely where a DPIA indicates that the processing would result in a high risk to the safety of the personal data. As with all matters GDPR-related, having proof of good policies and procedures, and of a DPIA having been carried out, will be an organisation’s first line of defence.