DPIA (Data Protection Impact Assessment)

Ascot London Consultancy’s DPIA is one-off project-based service that identifies all and any potential high risk impact on business and personal data when new services or enhancements to an existing service, process or technology are being deployed by our clients.

What is a Data Protection Impact assessment?

It’s a process to help you identify and minimise the data protection risk of a project.

Why would I need a DPIA?

It is good practice to do a DPIA for any major project which requires the processing of personal data.

You must do a DPIA for processing that is likely to result in a high risk to individuals. This includes some specified types of processing, like:

  • using systematic and extensive profiling or automated decision-making to make significant decisions about people (learn more about this in our data protection training)
  • processing special-category data or criminal-offence data on a large scale
  • use innovative technology in combination with any of the criteria in the EU guidelines
  • use profiling, automated decision-making or special-category data to help make decisions on someone else’s access to a service, opportunity or benefit
  • process biometric or genetic data in combination with any of the criteria in the EU guidelines
  • combine, compare or match data from multiple sources
  • process personal data without providing a privacy notice to the individual in combination with any of the criteria in the EU guidelines
  • process personal data, that involves tracking individuals online or offline location or behaviour, in combination with any of the criteria in the EU guidelines
  • process personal data that could result in a risk of physical harm in the event of a security breach
  • process children’s personal data for profiling or automated decision-making or for marketing process, or offer services to children directly

It is also advisable to carry-out a DPIA, when using personal data in any of these circumstances:

  • evaluation and scoring
  • automated decision-making (with significant effects)
  • systematic monitoring
  • processing of sensitive data or data of a highly personal nature
  • processing on a large scale
  • processing of data concerning vulnerable subject
  • innovative technological or organisational solutions
  • processing that involves preventing individuals (data subjects) from exercising a right or using a service or contract.

Who would benefit from this service?

Any SME (with or without a documented policy and process for Data Protection) that plans to introduce a new or improved set of products, services and technology into their own business offering.

What is the business outcome?

Ascot London Consultancy will deliver a risk assessment document outlining all and any data protection risks that apply to the new or enhanced service being delivered.

Inclusions, Exclusions and Terms

Because of the variance in potential project scope, Ascot London Consultancy would assess the project requirements and provide pricing once the full scope has been identified.