DPIA

The origin of Data Protection Impact Assessments

The use of an assessment methodology to understand personal privacy risks and rights has been known since the mid-1990s [1]. The growing interest in what were then called Privacy Impact Assessments (PIA) was triggered by the exponential growth of data storage and analysis plus the public reaction to the inevitable leaks and scandals. Today DPIAs […]

Compliance

Do I have to do a Data Protection Impact Assessment?

The law across Europe now says a DPIA is required when the processing is “likely to result in a high risk to the rights and freedoms of natural persons” (GDPR Article 35(1)), where the key term is “high risk”. To be clear, not all processing requires a DPIA. A DPIA is mandatory for that subset of processing activities which meet the threshold of high risk. Since GDPR […]

Compliance

CCTV and Data Privacy: What’s the story?

A sensible and well-designed CCTV system is a powerful tool for deterring criminals and tackling security issues. On the other hand, badly designed systems cause legal and PR problems while generating a false sense of security. In our experience, privacy and security are not mutually exclusive. We find a pragmatic approach based on the […]

DPIA

The What, Which, When & Who of DPIAs

DPIAs are how an organisation manages risk when it starts a new type of data processing

Data Protection Impact Assessments (DPIAs) are an often misunderstood element of GDPR compliance. Like so much of the GDPR, there is little precision in the regulations, but a process must be followed and an artefact must be produced. This DigiTorc article, one of a series of occasional articles, defines: What must a DPIA consist of? Which processing activities require a DPIA? […]