Privacy impact assessments (PIAs) are a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective PIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation which might otherwise occur. PIAs are an integral part of taking a privacy by design approach.
Information Commissioner PIA Code of Practice
Undertaking PIAs is currently a mandatory requirement for Government Departments and is strongly recommended for all other organisations. However, this will change to be mandatory for all organisations when the new General Data Protection Regulation comes into force.
A PIA is undertaken when you make changes to any existing process for handling personal data or when you are considering implementing a new process. A PIA assesses any potential risks to personal data arising from the revised or new way of working you are looking to implement and allows you to address those risks at an early stage. A PIA can be a daunting process to lead, especially if you have limited data protection knowledge. This is where we can help: we can take the lead on carrying out the PIA work for you and ensure you remain in compliance with current data protection law.