DPIA (Data Protection Impact Assessment)
Ascot London’s DPIA is a one-off project-based service that identifies potential high-risk impacts on business and personal data when our clients deploy new services or enhancements to an existing service, process, or technology.
What is a Data Protection Impact assessment?
It’s a process to help you identify and minimise the data protection risk of a project.
Why would I need a DPIA?
Doing a DPIA for any major project requiring personal data processing is good practice.
You must do a DPIA for processing, likely resulting in a high risk to individuals. This includes some specified types of processing, such as:
- using systematic and extensive profiling or automated decision-making to make significant decisions about people (learn more about this in our data protection training)
- processing special-category data or criminal-offence data on a large scale
- use innovative technology in combination with any of the criteria in the EU guidelines
- use profiling, automated decision-making or special-category data to help make decisions on someone else’s access to a service, opportunity or benefit
- process biometric or genetic data in combination with any of the criteria in the EU guidelines
- combine, compare or match data from multiple sources
- process personal data without providing a privacy notice to the individual in combination with any of the criteria in the UK or EU guidelines
- process personal data that involves tracking individuals’ online or offline location or behaviour in combination with any of the criteria in the UK or EU guidelines
- process personal data that could result in a risk of physical harm in the event of a security breach
- process children’s personal data for profiling, or automated decision-making or marketing processes, or offer services to children directly
It is also advisable to carry out a DPIA when using personal data in any of these circumstances:
- evaluation and scoring
- automated decision-making (with significant effects)
- systematic monitoring
- processing of sensitive data or data of a highly personal nature
- processing on a large scale
- processing of data concerning a vulnerable subject
- innovative technological or organisational solutions
- processing that involves preventing individuals (data subjects) from exercising a right or using a service or contract.
Who would benefit from this service?
Any SME (with or without a documented policy and process for Data Protection) that plans to introduce a new or improved set of products, services and technology into their own business offering.
What is the business outcome?
Ascot London will deliver a risk assessment document outlining all and any data protection risks that apply to the new or enhanced service being delivered.
Inclusions, Exclusions and Terms
Because of the variance in potential project scope, Ascot London would assess the project requirements and provide pricing once the full scope has been identified.
