Data Protection Impact Assessments How do we carry out a DPIA?

Presentation transcript:

Data Protection Impact Assessments How do we carry out a DPIA? Data Protection Practitioners’ Conference 2018 #DPPC2018

Guide to the GDPR
DPIA Awareness checklist
DPIA Screening checklist
DPIA Process checklist

1: Identify need for a DPIA
2: Describe the processing
3: Consider consultation
4: Assess necessity and proportionality
5: Identify and assess risks
6: Identify measures to mitigate risk
7: Sign off and record outcomes
8: Integrate outcomes into plan
9: Keep under review

Describe the processing: Purpose of the processing
What do you want to achieve? What are the benefits – to you and more broadly? What is the intended effect on individuals?

Describe the processing: Context of the processing
What is your relationship with the individuals? Would they expect you to do this? Might they object? Is this novel? Are there any concerns you are aware of?

Describe the processing: Scope of the processing
How much data will you collect and use, and how often? Is it special category or criminal offence data? How long will you keep it? How many individuals does it relate to, over how large an area?

Describe the processing: Nature of the processing
How will you collect, use, store and delete data? What is the source of the data? Will you be sharing data with anyone?

Want to ask us a question? Go to slido.com/#DPPC2018/DPIA

Consider consultation
Are you consulting with individuals or their representatives? If not, have you documented why?

Consider consultation
Have you consulted with relevant internal stakeholders? Have you considered getting external advice?

Why not get involved? Go to slido.com/#DPPC2018/DPIA

Necessity and proportionality
Can you identify a valid lawful basis? Does your processing actually achieve your purpose? Is there a less intrusive way of reaching the same outcome?

Necessity and proportionality
How will you prevent function creep? How will you ensure data quality? How will you ensure data minimisation?

Necessity and proportionality
What information will you give individuals? How will you help to support their rights?

Necessity and proportionality
What measures do you take to ensure processors comply? How do you safeguard any international transfers?

DPIA consultation - closes Friday
Tell us your thoughts @ ico.org.uk

Identify risks
What’s the potential impact?

Recital 77
“The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data…”.

Identify measures
Risk mitigation
Ask your DPO for advice

DPIA sign-off
What is the outcome? What is your level of residual risk?

Tell us what you think. Go to slido.com/#DPPC2018/DPIA
