DPIA explained in plain human language

DPIA or Data Protection Impact Assessment

The purpose of a DPIA, or data protection impact assessment, is to identify the risks of loss or theft that arise when personal data is processed within an organization.

Data can be lost or stolen when information is sent to the wrong recipients, when a computer is lost, or through a break-in or hacking.

Conducting a DPIA involves defining a scope that covers the type and sensitivity of the personal data an organization processes, how and for how long it is retained, with whom and how it is shared, and how it is destroyed.

The result of this assessment tells us what actions should be taken to minimize both data loss and theft in the context of processing personal data.

Conducting a DPIA is not a one-time task, but an ongoing process. We continuously evaluate relevant national and European legislation.

Mandatory?

When data processing may pose a high risk of violations of human “rights and freedoms,” you, as a data controller, can determine whether or not to conduct an assessment.

However, in some cases conducting an assessment is mandatory, such as:

– When implementing new IT systems.

– When monitoring rooms with cameras.

– When transferring personal data to third countries.

– When processing sensitive personal data.
