Courses take place in:

London, Manchester, Edinburgh, Glasgow, Belfast and Isle of Man

Data Protection Impact Assessments (DPIAs) enable organisations to assess potential data protection and other privacy implications at the design stage of a new system or process. Such risks can be assessed and addressed within the development of the system or process, rather than being a “bolt-on” after implementation (when it may be too late to address all the concerns, at least without significant cost implications).

DPIAs are recommended by data protection regulators, and they are a requirement in some sectors. DPIAs are an important part of the “privacy by design” culture, and they will be mandatory under the General Data Protection Regulation.

Different approaches and levels of assessment can be undertaken depending on the nature of the system/process and the size of the organisation. This course gives practical guidance on conducting DPIAs, and includes:

• what is a DPIA, and when should one be carried out
• national regulators’ recommendations and guidance
• stages of a DPIA and what to do in practice: initial assessment, preparation, information flows, consultation with stakeholders, analysis, documentation
• the relationship between conducting PIAs with other risk and project management activities (e.g. other risk assessments, data protection audits)
• legal and compliance issues to consider

Attendance on this course can be used as credit towards gaining the Practitioner Certificate in Data Protection.