Data Protection Impact Assessment (DPIA)

Does your organisation conduct a Data Protection Impact Assessment (DPIA) for all processing that is likely to result in a high risk to individuals?

As part of our ISO27001-certified ISMS, we have a documented Change Management Policy and procedure that incorporates information security and data protection elements, including DPIAs. A standardised template is used for recording operational changes.

The first part of our Change Management approach is a DPIA triage that identifies whether a full DPIA is needed and why. The full DPIA includes (where required) stakeholder consultations, risk assessments, implementation planning, testing schedules and a Legitimate Interests Assessment (LIA) where Legitimate Interests is identified as the lawful basis.

The development of the Commonplace platform is managed through the development lifecycle. Flags and indicators are included in the development planning and development process to ensure Information Security/Data Protection input is obtained where required.