Implementing DPIA: A Comprehensive Guide from Data Protection Practitioners Conference 2018

Learn how to carry out a Data Protection Impact Assessment (DPIA) effectively with insights shared at the Data Protection Practitioners Conference 2018. This guide covers the steps involved in conducting a DPIA, including identifying the need, assessing risks, integrating outcomes, and more. Understand the purpose, context, scope, and nature of processing data to ensure compliance with GDPR requirements. Checklists and visual aids provided offer a practical approach to implementing DPIAs in your organization. Engage in discussions and find answers to your questions at the conference.

• DPIA
• Data Protection
• GDPR
• Data Processing
• Data Protection Practitioners

halo Follow

Uploaded on Jul 30, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Data Protection Impact Assessments How do we carry out a DPIA? Data Protection Practitioners Conference 2018 #DPPC2018

2. Guide to the GDPR DPIA Awareness checklist DPIA Screening checklist DPIA Process checklist Data Protection Practitioners Conference 2018 #DPPC2018

3. 1: Identify need for a DPIA 9: Keep under review 2: Describe the processing 8: Integrate outcomes into plan 3: Consider consultation 7: Sign off and record outcomes 4: Assess necessity and proportionality 6: Identify measures to mitigate risk 5: Identify and assess risks Data Protection Practitioners Conference 2018 #DPPC2018

4. Describe the processing: Purpose of the processing What do you want to achieve? What are the benefits to you and more broadly? What is the intended effect on individuals? Data Protection Practitioners Conference 2018 #DPPC2018

5. Describe the processing: Context of the processing What is your relationship with the individuals? Would they expect you to do this? might they object? Is this novel? Are there any concerns you are aware of? Data Protection Practitioners Conference 2018 #DPPC2018

6. Describe the processing: of the processing Scope How much data will you collect and use, and how often? Is it special category or criminal offence data, how long will you keep it? How many individuals does it relate to, over how large an area? Data Protection Practitioners Conference 2018 #DPPC2018

7. Describe the processing: Nature of the processing How will you collect, use, store and delete data? What is the source of the data? Will you be sharing data with anyone? Data Protection Practitioners Conference 2018 #DPPC2018

8. Want to ask us a question? Go to slido.com/#DPPC2018/DPIA Data Protection Practitioners Conference 2018 #DPPC2018

9. 1: Identify need for a DPIA 9: Keep under review 2: Describe the processing 8: Integrate outcomes into plan 3: Consider consultation 7: Sign off and record outcomes 4: Assess necessity and proportionality 6: Identify measures to mitigate risk 5: Identify and assess risks Data Protection Practitioners Conference 2018 #DPPC2018

10. Consider consultation Are you consulting with individuals or their representatives? If not, have you documented why? Data Protection Practitioners Conference 2018 #DPPC2018

11. Consider consultation Have you consulted with relevant internal stakeholders? Have you considered getting external advice? Data Protection Practitioners Conference 2018 #DPPC2018

12. Why not get involved? Go to slido.com/#DPPC2018/DPIA Data Protection Practitioners Conference 2018 #DPPC2018

13. 1: Identify need for a DPIA 9: Keep under review 2: Describe the processing 8: Integrate outcomes into plan 3: Consider consultation 7: Sign off and record outcomes 4: Assess necessity and proportionality 6: Identify measures to mitigate risk 5: Identify and assess risks Data Protection Practitioners Conference 2018 #DPPC2018

14. Necessity and proportionality Can you identify a valid lawful basis? Does your processing actually achieve your purpose? Is there a less intrusive way of reaching the same outcome? Data Protection Practitioners Conference 2018 #DPPC2018

15. Necessity and proportionality How will you prevent function creep? How will you ensure data quality? How will you ensure data minimisation? Data Protection Practitioners Conference 2018 #DPPC2018

16. Necessity and proportionality What information will you give individuals? How will you help to support their rights? Data Protection Practitioners Conference 2018 #DPPC2018

17. Necessity and proportionality What measures do you take to ensure processors comply? How do you safeguard any international transfers? Data Protection Practitioners Conference 2018 #DPPC2018

18. DPIA consultation- closes Friday Tell us your thoughts @ ico.org.uk Data Protection Practitioners Conference 2018 #DPPC2018

19. 1: Identify need for a DPIA 9: Keep under review 2: Describe the processing 8: Integrate outcomes into plan 3: Consider consultation 7: Sign off and record outcomes 4: Assess necessity and proportionality 6: Identify measures to mitigate risk 5: Identify and assess risks Data Protection Practitioners Conference 2018 #DPPC2018

20. Identify risks What s the potential impact? Data Protection Practitioners Conference 2018 #DPPC2018

21. Recital 77 The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data . Data Protection Practitioners Conference 2018 #DPPC2018

22. Data Protection Practitioners Conference 2018 #DPPC2018

23. Why not get involved? Go to slido.com/#DPPC2018/DPIA Data Protection Practitioners Conference 2018 #DPPC2018

24. 1: Identify need for a DPIA 9: Keep under review 2: Describe the processing 8: Integrate outcomes into plan 3: Consider consultation 7: Sign off and record outcomes 4: Assess necessity and proportionality 6: Identify measures to mitigate risk 5: Identify and assess risks Data Protection Practitioners Conference 2018 #DPPC2018

25. Identify measures Risk mitigation Ask your DPO for advice Data Protection Practitioners Conference 2018 #DPPC2018

26. DPIA consultation- closes Friday Tell us your thoughts @ ico.org.uk Data Protection Practitioners Conference 2018 #DPPC2018

27. DPIA sign-off What is the outcome? What is your level of residual risk? Data Protection Practitioners Conference 2018 #DPPC2018

28. Data Protection Practitioners Conference 2018 #DPPC2018

29. Tell us what you think Go to slido.com/#DPPC2018/DPIA Data Protection Practitioners Conference 2018 #DPPC2018

30. DPIA consultation- closes Friday Tell us your thoughts @ ico.org.uk Data Protection Practitioners Conference 2018 #DPPC2018

31. Guide to the GDPR DPIA Awareness checklist DPIA Screening checklist DPIA Process checklist Data Protection Practitioners Conference 2018 #DPPC2018