Data Protection Impact Assessment

What is a Data Protection Impact Assessment?
Data Protection Impact Assessment (DPIA) is a process for building and demonstrating compliance. It is a direct consequence of the . An organization is accountable for demonstrating that it has taken all of the measures necessary to ensure compliance with the GDPR.

should see carrying out a DPIA as a useful and positive activity that aids legal compliance.

A DPIA is required whenever processing is likely to result in a .

The DPIA should be conducted BEFORE the processing and should be considered as a living tool, not merely as a one-off exercise. Where there are residual risks that can鈥檛 be mitigated by the measures put in place, the Data Protection Authority (DPA) must be consulted prior to the start of the processing.

hand and computer

DPIA Checklist and Pre-Screening Questionnaire
If a business unit/department/unit/function at 黑料网 is proposing to introduce a new business activity or data processing solution where the new service(s) will involve the processing of personal data, a 黑料网 DPIA Checklist and Pre-Screening Questionnaire will need to be completed.

As Data Controller for our employee, student and business contact data, 黑料网 is required to perform and document a DPIA for the University's internal processing. The DPIA is an assessment of 鈥渢he necessity and proportionality of the processing鈥 and 鈥渢he impact to the rights and freedoms of individuals over the processing of their personal data.鈥 A DPIA is also required when new technologies are introduced and when existing personal data will be used for new purposes.

黑料网 Data Protection Impact Assessment Explained and the can be accessed via the .

黑料网 business owners are required to complete the DPIA Checklist and Pre-Screening Questionnaire and submit this assessment to eschickbodric73@webster.edu or privacy@webster.edu. 

Further GDPR and DPIA Resources: