Ensuring all new projects or processes are compliant with the General Data Protection Regulation (GDPR).
A DPIA supports the identification of and mitigation against data protection related risks arising from a new project or process, which may affect your organisation or individuals it engages with. The DPIA helps organisations make informed decisions about the acceptability of data protection risks, a mandatory requirement under Article 35 of the GDPR, for any high-risk data processing project.
PrivacyEngineTM expert data protection consultants facilitate interactive workshops and offer practical, commercially appropriate recommendations as to how identified possible risks and gaps can be addressed and resolved in a timely manner, and with minimal disruption to the organisation’s day-to-day business operations.
If you answered yes to any of these questions, schedule a consultation with us.
A DPIA will deliver real benefits and return on your investment (ROI).
The ROI can be realised through:
The PrivacyEngine DPIA is a 6-step process specifically designed to identify and address all Data Protection risks within a new or existing project.
Step 1: Stakeholders, Systems and Entities
A complete list of stakeholders, entities and systems. Anyone or anything that processes personal data should be considered in this category. This could be a job role, a person, a third party or a computer system.
Step 2: Identify Processes
A complete list of data management processes. A process is any event that is required to complete a business function. The focus is on processes that involve personal and special categories of data.
Step 3: Workflow Analysis
For processes identified in Step 2, we assess via our facilitated collaborative workshops what data is processed, what systems have visibility of this data, where the data is processed and who has access to it.
Step 4: Data Protection Assessment
For each process identified in Step 3, we categorise the processing according to UK Data Protection Act 2018 (GDPR) compliance requirements, areas of consideration and evaluation of potential risk.
Step 5: Risk Analysis
A Risk Register is created in parallel with Step 4 to measure risk against likelihood and severity. A point in time heat map is generated for executive /c-suite leadership attention as to the current risk status.
Step 6: Implementation
An agreed implementation plan is formalised into actionable items and after implementation a new point in time heat map is generated to reflect progress and identify next steps.
A DPIA engagement can vary depending on the customer and the complexity of the proposed processing change. Our experienced team of data protection consultants will work with you to identify the most suitable candidates for the assessment workshop.
You can add a customer testimonials for social proof. It increases your authenticity and credibility. It directly help you achieving your goals. You also add a picture of a customer and a link to their website.
CEO, Company Name