A good DPIA will help you separate the sensitive data that you must protect carefully from the day-to-day contact information that is less of a worry.
When might I need a DPIA?
A DPIA is the first thing you should do when starting a new project, to make sure you give privacy considerations a high priority.
A new project might require you to handle new personal information. For example, one Astrid client wanted to start working with social media influencers but needed to gather information on them. The DPIA helps the organisation to understand what kinds of information are involved and what the impacts of mishandling that information might be. In this example, the aim was only to use information that influencers had already put onto social media – so the impacts of publishing or losing the information are really quite low.
Do I need to do a DPIA for personal data I’m already processing?
If you don’t have a data protection impact assessment in place for work you’re already doing, then we recommend you start on one right away. Without a DPIA, you can’t be sure you’re in control of the personal data your business uses. The DPIA will identify the biggest potential problems so you can focus on managing those risks first.
We recommend that you look out for areas where you process data that’s either ‘special category’ or could put people at risk of financial or reputational loss. Special category data is sensitive personal data such as racial origin and religious beliefs - processing this data is prohibited unless particular grounds for processing it are met. Businesses such as legal and financial services, professional healthcare and wellbeing services face particular risks, as losing sensitive client information could have significant impacts on clients’ lives. Performing a DPIA as quickly as possible will highlight these risks and help you manage them.
How do I complete a data protection impact assessment?
Whatever your business, Astrid has simple tools and guidance you can use to get a DPIA in place and tackle any issues you identify. By completing tasks 2, 3 and 5 in the first stage of our process, you will have performed a comprehensive DPIA. Astrid also has all the guidance you need to review DPIAs and make sure they’re up to date.
Register for Astrid today.
Further reading
You can find out more about data protection impact assessments on the ICO website, but we think the ICO’s guidance is too complicated for small businesses, which is why Astrid simplifies it!