Data protection impact assessment (DPIA)
The GDPR provides numerous instruments for measuring and managing compliance with data protection law, and any company may be obliged to carry out a data protection impact assessment (DPIA).
In a certain sense, the new data protection impact assessment (DPIA) is the direct successor to the assessment prior to processing provided for in the German Federal Data Protection Act.
A data protection impact assessment is required if the type of processing, in particular when using new technologies, may be expected to entail a high risk to the rights and freedoms of natural persons due to the nature, scope, context, and purposes of processing.
This is always the case if particularly sensitive data (data concerning health, credit card data) or large volumes of data are processed. A DPIA is also required wherever CCTV is used. The DPIA is therefore a useful instrument for the comprehensive analysis and evaluation of the data protection law risks of specific processing activities.
ISiCO handles the full execution and documentation of data protection impact assessments in your company. In addition to conventional DPIAs, we also handle industry-specific DPIAs in the healthcare sector, where special requirements apply.
From A to Z:
- Full execution of DPIAs, incl. detailed documentation
More benefits of using ISiCO:
- Monitoring the execution of individual data protection impact assessments
- Review of existing documentation (pursuant to both the German Federal Data Protection Act and the GDPR)
- Comprehensive advice – from initial contact to completed data protection impact assessment
- Support in selecting technical and organisational measures (TOMs)
- Support for the internal data protection officer when preparing a DPIA
- Handling of event-driven inspections of the data protection impact assessment
- Routine reviews of the DPIA without cause
Do you extensively process special categories of personal data, or do you want to undertake a systematic and comprehensive assessment of personal aspects relating to natural persons?
Some sectors are less likely to be compelled to perform a data protection impact assessment than others. The sectors more likely to be compelled include, in particular, the healthcare sector, which processes large volumes of special categories of personal data, namely data concerning health.
No matter which sector you work in, trust in our expertise and benefit from the longstanding experience of our consultants, who possess in-depth knowledge of even the most complex technical issues.