Data Protection Impact Assessment

What is a Data Protection Impact Assessment (DPIA)?

A DPIA is carried out in circumstances where data is being processed and there is a need to identify and minimise risks where possible.

In this section, we cover examples of a DPIA and how we can help your organisation

Do you need to conduct a DPIA?

The first step is to understand the circumstances where a Data Protection Impact Assessment is needed

New Technology

The use of new technology that involves combining the use of finger print and face recognition for improved physical access control or development of APPs that process personal data

Vulnerable Data Subjects

Processing of data concerning vulnerable data subjects such as children or where there is an increased power imbalance between the data controller and the date subject, particularly if the individual cannot give their consent.

When might a DPIA be required?

Special Category Data

Processing of Special Category data, for example, health information, which potentially poses a high risks to the rights and freedoms of individuals in the event of a breach.


Monitoring (CCTV) of a publicly accessible area whereby individuals are not aware their data  is being collected

Everything you need for data protection compliance - here's how we can help

Book a discovery call

Book a discovery call with us to ascertain if a DPIA is required

Virtual or In Person?

We will carry out an impact assessment virtually or in person with you and other key staff in your organisation

Comprehensive DPIA Report

We will provide a comprehensive report and recommendations on the appropriate controls required to mitigate or minimise any risks identified in the assessment.

Action Plan

We will provide an action plan on how to implement the controls

Guidance & Documentation

We provide guidance and documentation which allows you and your staff to carry out any future DPIA if and when required.

Conduct Data Protection Impact Assessments today