Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Protection Impact Assessments How do we carry out a DPIA?

Published byBrynjulf Henriksen Modified over 6 years ago

Similar presentations

Presentation on theme: "Data Protection Impact Assessments How do we carry out a DPIA?"— Presentation transcript:

1 Data Protection Impact Assessments How do we carry out a DPIA?
Data Protection Practitioners’ Conference 2018 #DPPC2018

2 Guide to the GDPR DPIA Awareness checklist DPIA Screening checklist
DPIA Process checklist Data Protection Practitioners’ Conference 2018 #DPPC2018

3 #DPPC2018 Data Protection Practitioners’ Conference 2018
1: Identify need for a DPIA 2: Describe the processing 3: Consider consultation 4: Assess necessity and proportionality 5: Identify and assess risks 6: Identify measures to mitigate risk 7: Sign off and record outcomes 8: Integrate outcomes into plan 9: Keep under review Data Protection Practitioners’ Conference 2018 #DPPC2018

4 Describe the processing: Purpose of the processing
What do you want to achieve? What are the benefits – to you and more broadly? What is the intended effect on individuals? Data Protection Practitioners’ Conference 2018 #DPPC2018

5 Describe the processing: Context of the processing
What is your relationship with the individuals? Would they expect you to do this? might they object? Is this novel? Are there any concerns you are aware of? Data Protection Practitioners’ Conference 2018 #DPPC2018

6 Describe the processing: Scope of the processing
How much data will you collect and use, and how often? Is it special category or criminal offence data, how long will you keep it? How many individuals does it relate to, over how large an area? Data Protection Practitioners’ Conference 2018 #DPPC2018

7 Describe the processing: Nature of the processing
How will you collect, use, store and delete data? What is the source of the data? Will you be sharing data with anyone? Data Protection Practitioners’ Conference 2018 #DPPC2018

8 Want to ask us a question?
Go to slido.com/#DPPC2018/DPIA Data Protection Practitioners’ Conference 2018 #DPPC2018

9 #DPPC2018 Data Protection Practitioners’ Conference 2018
1: Identify need for a DPIA 2: Describe the processing 3: Consider consultation 4: Assess necessity and proportionality 5: Identify and assess risks 6: Identify measures to mitigate risk 7: Sign off and record outcomes 8: Integrate outcomes into plan 9: Keep under review Data Protection Practitioners’ Conference 2018 #DPPC2018

10 Consider consultation
Are you consulting with individuals or their representatives? If not, have you documented why? Data Protection Practitioners’ Conference 2018 #DPPC2018

11 Consider consultation
Have you consulted with relevant internal stakeholders? Have you considered getting external advice? Data Protection Practitioners’ Conference 2018 #DPPC2018

12 Why not get involved? Go to slido.com/#DPPC2018/DPIA #DPPC2018
Data Protection Practitioners’ Conference 2018 #DPPC2018

13 #DPPC2018 Data Protection Practitioners’ Conference 2018
1: Identify need for a DPIA 2: Describe the processing 3: Consider consultation 4: Assess necessity and proportionality 5: Identify and assess risks 6: Identify measures to mitigate risk 7: Sign off and record outcomes 8: Integrate outcomes into plan 9: Keep under review Data Protection Practitioners’ Conference 2018 #DPPC2018

14 Necessity and proportionality
Can you identify a valid lawful basis? Does your processing actually achieve your purpose? Is there a less intrusive way of reaching the same outcome? Data Protection Practitioners’ Conference 2018 #DPPC2018

15 Necessity and proportionality
How will you prevent function creep? How will you ensure data quality? How will you ensure data minimisation? Data Protection Practitioners’ Conference 2018 #DPPC2018

16 Necessity and proportionality
What information will you give individuals? How will you help to support their rights? Data Protection Practitioners’ Conference 2018 #DPPC2018

17 Necessity and proportionality
What measures do you take to ensure processors comply? How do you safeguard any international transfers? Data Protection Practitioners’ Conference 2018 #DPPC2018

18 DPIA consultation- closes Friday
Tell us your ico.org.uk Data Protection Practitioners’ Conference 2018 #DPPC2018

19 #DPPC2018 Data Protection Practitioners’ Conference 2018
1: Identify need for a DPIA 2: Describe the processing 3: Consider consultation 4: Assess necessity and proportionality 5: Identify and assess risks 6: Identify measures to mitigate risk 7: Sign off and record outcomes 8: Integrate outcomes into plan 9: Keep under review Data Protection Practitioners’ Conference 2018 #DPPC2018

20 What’s the potential impact?
Identify risks What’s the potential impact? Data Protection Practitioners’ Conference 2018 #DPPC2018

21 Recital 77 “The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data…”. Data Protection Practitioners’ Conference 2018 #DPPC2018

22 Data Protection Practitioners’ Conference 2018
#DPPC2018

23 Why not get involved? Go to slido.com/#DPPC2018/DPIA #DPPC2018
Data Protection Practitioners’ Conference 2018 #DPPC2018

24 #DPPC2018 Data Protection Practitioners’ Conference 2018
1: Identify need for a DPIA 2: Describe the processing 3: Consider consultation 4: Assess necessity and proportionality 5: Identify and assess risks 6: Identify measures to mitigate risk 7: Sign off and record outcomes 8: Integrate outcomes into plan 9: Keep under review Data Protection Practitioners’ Conference 2018 #DPPC2018

25 Identify measures Risk mitigation #DPPC2018 Ask your DPO for advice
Data Protection Practitioners’ Conference 2018 #DPPC2018

26 DPIA consultation- closes Friday
Tell us your ico.org.uk Data Protection Practitioners’ Conference 2018 #DPPC2018

27 What is your level of residual risk?
DPIA sign-off What is the outcome? What is your level of residual risk? Data Protection Practitioners’ Conference 2018 #DPPC2018

28 Data Protection Practitioners’ Conference 2018
#DPPC2018

29 Tell us what you think Go to slido.com/#DPPC2018/DPIA #DPPC2018
Data Protection Practitioners’ Conference 2018 #DPPC2018

30 DPIA consultation- closes Friday
Tell us your ico.org.uk Data Protection Practitioners’ Conference 2018 #DPPC2018

31 Guide to the GDPR DPIA Awareness checklist DPIA Screening checklist
DPIA Process checklist Data Protection Practitioners’ Conference 2018 #DPPC2018

Download ppt "Data Protection Impact Assessments How do we carry out a DPIA?"

Similar presentations

1 Improving Services and Performance Toolkit for Effective Front-line Services to Youth Module Six: Documentation: Record- keeping, and Case Notes.

1 Improving Services and Performance Toolkit for Effective Front-line Services to Youth Module Six: Documentation: Record- keeping, and Case Notes.
Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Systemise your compliance management Peter Scott Consulting www.peterscottconsult.co.uk.

Systemise your compliance management Peter Scott Consulting
Privacy Impact Assessments Iain Bourne, Group Manager, Policy Delivery Information Commissioner’s Office, UK Workshop on data protection and the internet:

Privacy Impact Assessments Iain Bourne, Group Manager, Policy Delivery Information Commissioner’s Office, UK Workshop on data protection and the internet:
Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Risk Management Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Legal framework Look at the legal compliance and framework a business is subject to.

Legal framework Look at the legal compliance and framework a business is subject to.
DATA PROTECTION ACT 1998. INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March 2000. It is more far reaching than its predecessor,

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.

CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.
Using GAO’s Fraud Risk Management Framework

Using GAO’s Fraud Risk Management Framework
Business Challenges in the evolution of HOME AUTOMATION (IoT)

Business Challenges in the evolution of HOME AUTOMATION (IoT)
Protection of Personal Information Act An Analysis on the impact.

Protection of Personal Information Act An Analysis on the impact.
ETHICAL ISSUES IN HEALTH AND NURSING PRACTICE CODE OF ETHICS, STANDARDS OF CONDUCT, PERFORMANCE AND ETHICS FOR NURSES AND MIDWIVES.

ETHICAL ISSUES IN HEALTH AND NURSING PRACTICE CODE OF ETHICS, STANDARDS OF CONDUCT, PERFORMANCE AND ETHICS FOR NURSES AND MIDWIVES.
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.

SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.
Learning objective ................... Understand how to safeguard children in relation to legislation, frameworks, policies and procedures. Identify current.

Learning objective Understand how to safeguard children in relation to legislation, frameworks, policies and procedures. Identify current.
GDPR Module 3: Accountability and Governance

GDPR Module 3: Accountability and Governance
Running a Privacy Impact Assessment (PIA)

Running a Privacy Impact Assessment (PIA)
Issues of personal data protection in scientific research

Issues of personal data protection in scientific research
Privacy Impact Assessments (PIAs)

Privacy Impact Assessments (PIAs)
Risk Management Policy & Procedures

Risk Management Policy & Procedures
GDPR Awareness and Training Workshop

GDPR Awareness and Training Workshop

Similar presentations

Ads by Google