The Challenge

The EU GDPR states that a Data Protection Impact Assessment (DPIA) is required whenever processing is likely to result in a high risk to the rights and freedoms of individuals.

A DPIA is required at least in the following cases:
  • a systematic and extensive evaluation of the personal aspects of an individual, including profiling;
  • processing of sensitive data on a large scale;
  • systematic monitoring of public areas on a large scale.

Many organisations do not have the internal expertise to carry out successful DPIA’s that conform to the requirements of GDPR. BH Consulting have extensive experience of carrying out productive DPIA’s for public and private sector clients in a timely manner.

The Service

A Data Protection Impact Assessment enables clients to understand and manage personal data processing risks and demonstrate accountability (GDPR Article 5(2)).

A DPIA is a process which helps organisations to anticipate and address the likely privacy impact of projects and technologies, to identify privacy related issues, develop solutions, and ensure that such issues are addressed appropriately in a manner consistent with statutory obligations and corporate policies.

BH Consulting follow best practise guidelines for Data Protection Impact Assessments published by ENISA, the UK’s Information Commissioner’s Office, and by the Data Protection Commission in Ireland.

BH Consulting conduct initial data protection impact assessment workshops, to assess the risks associated with a new or existing data processing activity, system, or technology. Additionally, we provide subsequent recommendations on the appropriate controls to mitigate or minimise those risks.

We work on developing an action plan to manage the implementation of the given recommendations. Our experienced consultants also help to establish and document the tailored DPIA process for clients for future internal use.

This service can be carried out remotely.

The Benefits

  • Reduce unnecessary data processing activities and storage
  • Minimise the risk of data breaches and in turn damage to your organisation’s reputation
  • Prevent unlawful processing
  • Implement privacy by design and by default
  • Build trust with your customers and internal stakeholders
  • Demonstrate your commitment to data protection to the regulator
  • Implement a risk-based approach

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.

"*" indicates required fields