How to conduct DPIAs

How to conduct DPIAs

An examination of the legal obligations to conduct DPIAs—for privacy champions and teams implementing projects, new products and services.

By Freevacy Ltd

Select date and time

Monday, June 2 · 2 - 7am PDT

Location

Online

Refund Policy

No Refunds

About this event

A Data Protection Impact Assessment (DPIA) is a required accountability process to demonstrate compliance with the UK General Data Protection Regulation (GDPR). Organisations use DPIAs to analyse, identify, and minimise any data protection risks while considering the benefits of a proposed business process, project or plan.

Conducting a DPIA is a legal requirement for any type of processing that is likely to result in a high risk. In the event of a data breach or a violation of the GDPR, regulatory authorities such as the UK Information Commissioner's Office (ICO) will ask to see any relevant DPIAs to understand whether appropriate technical and organisational measures were put in place to protect the rights of data subjects. Failure to provide evidence that a DPIA has been conducted will significantly increase the likelihood of enforcement action; such is their importance.

DPIAs are a risk assessment tool used to identify problems during the planning stage and throughout the development process. They help to ensure project benefits are realised on time and within budget. While the data protection officer (DPO) may recommend where a DPIA is required, the responsibility for conducting them lies with the controller. In reality, this often falls to the business function in question.

This one-day course ensures that privacy champions and teams responsible for delivering projects understand their legal responsibilities when conducting DPIAs. It examines the requirements set out in the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA18), and follows the latest ICO guidance.

The course covers:


  • What is a DPIA?
  • The legal requirements for a DPIA
  • Data Protection by Design and Default
  • The benefits of conducting DPIAs for organisations and data subjects
  • When to conduct a DPIA
  • How to conduct DPIAs
  • Who should be involved in the completion of a DPIA?
  • Consultation with stakeholders
  • Identifying the proposed information flow
  • Identifying data protection and related risks
  • What does high risk mean?
  • How to identify if an activity is high risk?
  • Determining whether the risk is acceptable
  • Consulting with the ICO
  • Should the DPIA be published?

Tags

Organized by

Freevacy Ltd

Freevacy is a dedicated Information Rights training provider, offering continuous professional development for DPOs, compliance teams, executives and frontline employees. We offer a complimentary range of certificated training courses from two globally recognised independent examination bodies, the IAPP and BCS. We also deliver custom learning and development programmes to establish a privacy-compliant culture throughout the workforce. Our informal, interactive and in-depth training strikes the perfect balance between practical, real-world situations and the law.

Training during the COVID-19 pandemic

We deliver all BCS and IAPP certified training courses through live online classes. Whether attending from home, or the office, training is delivered safely across a secure WebEx platform with all the support and interactivity found in the classroom.

£474