Data Protection Impact Assessment
What is a Data Protection Impact Assessment?
Data Protection Impact Assessment (DPIA) is a process for building and demonstrating compliance.
A DPIA is a direct consequence of the accountability principle of the General Data Privacy Regulations (GDPR). An organization is accountable for demonstrating that it has taken all of the measures necessary to ensure compliance with the GDPR.
Data controllers should see carrying out a DPIA as a useful and positive activity that aids legal compliance.
A DPIA is required whenever processing is likely to result in a high risk to the rights and freedoms of individuals.
The DPIA should be conducted BEFORE the processing and should be considered as a living tool, not merely as a one-off exercise. Where there are residual risks that can’t be mitigated by the measures put in place, the Data Protection Authority (DPA) must be consulted prior to the start of the processing.
DPIA Checklist and Pre-Screening Questionnaire
In case a business unit/department/unit/function at Webster University is proposing to introduce a new business activity or data processing solution where the new service(s) will involve the processing of personal data, Webster University DPIA Checklist and Pre-Screening Questionnaire will need to be completed. As Data Controller for our employee, student and business contact data Webster University is required to perform and document a data protection impact assessment (DPIA) for the University´s internal processing. A DPIA is an assessment of “the necessity and proportionality of the processing” and “the impact to the rights and freedoms of individuals over the processing of their personal data”. A DPIA is also required when new technologies are introduced and when existing personal data will be used for new purposes.
Webster University Data Protection Impact Assessment Explained and the DPIA Checklist and Pre-Screening Questionnaire are to be accessed via Webster University’s Intranet Connections 2.0.
Webster University business owners are required to complete the DPIA Checklist and Pre-Screening Questionnaire and submit this assessment to:
Further GDPR and DPIA Resources:
- Webster University Office of Privacy and Information Security
- European Data Protection Board
- General Data Protection Regulation Articles and Recitals
- The International Association of Privacy Professionals