Data protection impact assessments in the EU

Robert Bond (robert.bond@bristows.com) is Senior Counsel & Notary Public at Bristows LLP in London, UK.

A data protection impact assessment (DPIA) is usually carried out by organizations processing new personal data or deciding whether to process data in new ways or by using new technology. Many jurisdictions require the use of a DPIA, not just the European Union (EU).

The assessments are usually aimed at assisting organizations with:

  • Identifying the nature, scope, context, and purposes of the processing;

  • Assessing necessity, proportionality, and compliance measures;

  • Identifying and assessing risks to individuals and the organizations involved; and

  • Identifying measures to mitigate those risks.

This document is only available to members. Please log in or become a member.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field