Data protection impact assessment (DPIA)

The GDPR provides numerous instruments for measuring and managing compliance with data protection law, and any company may be obliged to carry out a data protection impact assessment (DPIA).

Request a non-binding introduction now

Data protection impact assessment: minimising risks and effort

In a certain sense, the new data protection impact assessment (DPIA) is the direct successor to the assessment prior to processing provided for in the German Federal Data Protection Act. A data protection impact assessment is required if the type of processing, in particular when using new technologies, may be expected to entail a high risk to the rights and freedoms of natural persons due to the nature, scope, context, and purposes of processing.

This is always the case if particularly sensitive data (data concerning health, credit card data) or large volumes of data are processed. A DPIA is also required wherever CCTV is used. The DPIA is therefore a useful instrument for the comprehensive analysis and evaluation of the data protection law risks of specific processing activities.

ISiCO handles the full execution and documentation of data protection impact assessments in your company. In addition to conventional DPIA, we also handle industry-specific DPIAs in the healthcare sector, where special requirements apply.

More benefits of using ISiCO:

  • Monitoring the execution of individual data protection impact assessments
  • Review of existing documentation (pursuant to both the German Federal Data Protection Act and the GDPR)
  • Comprehensive advice – from initial contact to completed data protection impact assessment
  • Support in selecting technical and organisational measures (TOM)
  • Support for internal data protection officer when preparing a DPIA
  • Handling of event-driven inspections of the data protection impact assessment
  • Routine reviews without cause of the DPIA

Enquire about ISiCO experts now

Companies that already trust us

Choose ISiCO now!

You extensively process special categories of personal data or want to undertake a systematic and comprehensive assessment of personal aspects relating to natural persons? Some sectors are less likely to be compelled to perform a data protection impact assessment than others. The latter group particularly includes the healthcare sector, which processes large volumes of special categories of personal data – data concerning health.

No matter what industry your company operates in: trust in our expertise and benefit from the many years of experience of our consultants, who also boast extensive competence in dealing with complex technical issues.

Your solution for the best data protection

The basis of every good business relationship is trust. Strengthen the relationship with your customers with our expertise in data protection. This will give your company a strong competitive advantage and allow you to concentrate fully on your business.

Arrange a free introductory appointment

Your ISiCO-Expert:
Dr. Philipp Siedenburg
Director Data Privacy

News zu diesem Thema

02.07.2024

Verzeichnis von Verarbeitungstätigkeiten (VVT) einfach erklärt – mit Leitfaden & Checkliste

Wer muss ein Verzeichnis von Verarbeitungstätigkeiten (VVT) erstellen? Wie wird er aufgebaut? Wie oft muss das VVT aktualisiert und überprüft werden? In welcher Form und Sprache muss das VVT geführt werden? Eine Übersicht mit Checklisten und Tipps.

Read more …