
DPIA – Data Protection Impact Assessments

What is a DPIA?

Under GDPR, a Data Protection Impact Assessment (DPIA) is the required method for identifying, assessing and mitigating or minimising the privacy risks of a data processing activity. A DPIA is mandatory wherever the processing is likely to result in a high risk to individuals, which makes it particularly relevant when a new data processing process, system or technology is being introduced: for example large-scale profiling, systematic monitoring of a publicly accessible area, or large-scale processing of special categories of data. It must be completed before the processing starts, not after.

DPIAs also support the accountability principle: they help organisations comply with the requirements of GDPR and demonstrate that appropriate measures have been taken to ensure compliance. Under GDPR, Data Controllers must conduct a DPIA where the processing is likely to result in a high risk to the rights and freedoms of data subjects, and the DPIA must record the measures that reduce those risks. If a high risk remains even after the planned mitigations, the controller must consult the ICO before the processing begins.

The importance of DPIAs in building compliance is underlined by the penalties for failing to carry one out. If a company / organisation fails to conduct an adequate DPIA where one was required, it can be fined up to 2% of its annual global turnover or €10 million, whichever is greater.

Appoint a Data Protection Officer (DPO)

You must appoint a Data Protection Officer (DPO) if you are a public authority processing personal data, if your core activities involve the regular and systematic monitoring of data subjects on a large scale, or if your core activities involve the large-scale processing of special categories of data or of data relating to criminal convictions and offences. Organisations outside these categories may still appoint a DPO voluntarily, but if they do, the same GDPR duties and protections apply to that DPO.

This person must have expert knowledge of data protection law and practice, covering both the existing UK regime and the new EU regulation, and must be given the resources and independence to do the job. GDPR does not require a particular certificate, but a recognised qualification is a sensible way of demonstrating that expertise, so appointing a DPO may have an impact on staffing and training budgets. Your company / organisation, as the ‘Data Controller’, will need to make sure that the DPO is properly trained and supported; this helps the organisation’s compliance and ensures that correct practice is used by the DPO. The DPO may be an existing employee or an external contractor, cannot be penalised or dismissed for performing DPO tasks, and their contact details must be published and notified to the ICO.

What Will the DPO Do?

The DPO’s role will include:

Being involved, properly and in a timely manner, in all matters relating to the protection of personal data, both within the company and in relationships with 3rd parties.

Advising the Data Controller on DPIAs (explained in the previous section), monitoring how they are carried out, and informing the Data Controller and its staff of their obligations under GDPR.

Monitoring the Data Controller’s compliance with GDPR, the UK Data Protection Bill (DPB) and any other relevant data protection law, including the assignment of responsibilities, awareness-raising and staff training.

Acting as the contact point for data subjects on all issues relating to the processing of their personal data and the exercise of their rights.

Facilitating and carrying out audits of data processing activities.

Attending meetings relating to data processing, co-operating with the ICO and acting as its contact point, including on prior consultation for high-risk processing.

There will be a Common Data Breach Notification Requirement of 72 hours

Your organisation will need the capability and systems in place to monitor for, identify and notify the ICO of a personal data breach within 72 hours of becoming aware of it. The clock starts when the organisation becomes aware of the breach, not when the investigation finishes, so breaches must be detected promptly and escalated internally without delay. The notification must describe the nature of the breach, the categories and approximate numbers of data subjects and records affected, the likely consequences, and the measures taken or proposed; if not all of this is known within 72 hours it can be provided in phases, and a late notification must explain the reasons for the delay. Notification to the ICO is not required where the breach is unlikely to result in a risk to individuals’ rights and freedoms, but every breach must still be recorded in an internal breach register so that the decision can be justified later. Where a breach is likely to result in a high risk to individuals, the affected data subjects must also be told without undue delay, and any processor you use must report breaches to you without undue delay so that your own 72-hour deadline can be met.

Related GDPR guides

GDPR – The six privacy principles

There are six principles which give companies a broad, top-level overview of the areas covered by the new regulation.

GDPR – Data subjects’ rights

GDPR lists a range of customers’ or data subjects’ rights that must be adhered to. If you hold data on anyone, they have a right to know.

GDPR – Consent

Under GDPR your company must be able to demonstrate clear and affirmative consent to process personal data.

GDPR – Liabilities to your business

Liability and responsibility will extend to all organisations that touch the personal data of the subject / subjects.

GDPR and your business

Companies need to take a fresh look at how they deal with personal data in all aspects of operations and 3rd-party business relationships.

Post Brexit – Data Protection Bill

The new UK Data Protection Bill will replace the Data Protection Act 1998 and will essentially carry the EU’s GDPR into UK law post Brexit.

GDPR compliance service

Find out how Globalnet can help small businesses protect personal data and meet GDPR requirements.


Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals.

0203 005 9650