What does the GDPR say about DPIAs?
“The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data…”
We must then focus on any potential harm to individuals first and foremost. The impact on society as a whole may also be a relevant risk factor.
A DPIA must assess the level of risk, and in particular whether it is ‘high risk’. The UK GDPR is clear that assessing the level of risk involves looking at both the likelihood and the severity of the potential harm.
For more information on Data Protection Impact Assessments, tune in to our podcast below, where we share our experiences of working with DPIAs and discuss how we have supported our clients to overcome common challenges.
Data Protection People host webinars every Friday lunchtime alternating between news of the week and topical conversation surrounding Data Protection. Our sessions are completely free to join and we always welcome new members to our ever-growing Data Protection community. If you would like to join our session live, please get in touch with: [email protected]
If you would like to take a look back at our previous podcasts you can find us on all audio-streaming platforms, including Spotify and Apple Music, by searching ‘Data Protection Made Easy’.