The DPO role in a Data Protection Impact Assessment
by Mandy Webster
In the UK, we possibly underestimate the importance of the Privacy Impact Assessment in data protection compliance. It is viewed as an essential part of managing data protection risk in Europe, and it is a key element of GDPR compliance under the new name of Data Protection Impact Assessment. With that in mind, it is understandable that the Article 29 Working Party (providing advice and guidance on data protection) specifies DPIA as an important part of the DPO role.
According to the Article 29 Working Party, the controller is under a duty to carry out a Data Protection Impact Assessment (“DPIA”) when a type of processing (in particular using new technologies), taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons.
Article 35 of GDPR refers to the controller seeking advice from the DPO when carrying out a DPIA, and the DPO is under a duty to provide advice where requested on the conduct of DPIAs and to monitor the performance of DPIAs carried out by the controller (Article 39(1)).
For support in monitoring the performance of DPIAs, check out our DPO Support Package.