The EU General Data Protection Regulation (GDPR) mandates the performance of a Data Protection Impact Assessment (DPIA) to understand how organisations process, store, share and dispose of personal and sensitive information. The GDPR or equivalent legislation will apply in the UK from May 2018.

As part of CGI’s cyber security information and data privacy services, we work with clients to perform a DPIA to identify and mitigate privacy risks. Organisations must formally establish how they process, store, share and dispose or personal and sensitive information and apply appropriate organisational and technical measures.

The challenge

How well do you understand your organisation’s personal and sensitive information and if it is managed securely? Measures must be taken to ensure compliance and provide customers, staff, partners and stakeholders with assurance that you are acting appropriately to protect their personal and sensitive information. This not only ensures compliance with regulations, but also gives your organisation advantage over less secure competitors.

What is a DPIA?

A DPIA is a study of a business system, network and/or application and the information and data held by specific parts of the business. DPIAs will help identify the most effective way to comply with data protection obligations and meet privacy expectations. As part of a ‘privacy by design’ approach, DPIAs will enable organisations to identify and mitigate issues at an early stage and potentially reduce any associated costs and damage to business

What are the benefits of a DPIA?

  • Protecting your business’ brand by recognising and identifying privacy risks and implementing appropriate measures of security.
  • Less risk of imposed penalties for non-compliance to the GDPR.
  • Conducting DPIAs early in the transition from the Data Protection Act to GDPR, will provide organisations with the time needed to prepare any compliance activities identified.
  • Clear roles and responsibilities for data controllers and data processors.
  • Ensuring ‘privacy by design’ is considered and applied early in the technical and architectural design of new projects, or upgrades to current systems and processes.
  • Confidence that third party suppliers, partners and contractors are also handling information and data in a compliant manner.

Contact us for more information or to discuss your data protection impact requirements.