A Risk Assessment should give you an idea of the variety of incidents that might occur within your organisation as a result of Business Change. A change in business activities, systems or processes will introduce a different set of risks, which need analysis and mitigation actions.
“Mike had a wide breadth of knowledge around creating and mapping processes which he was happy to share with the team. Also the templates he designed saved many hours of work. Mike was a pleasure to work with”. – Jacquie Borman, GDPR Project, Ambassador Theatre Group, London.
Anatomy of a DPIA
- A description of the processing operations, their purposes and applicable legitimate interests.
- An assessment of the necessity and proportionality for each purpose.
- A risk assessment to the rights and freedoms of the data subjects affected by processing.
- Appropriate measures anticipated to mitigate the risks.
- Safeguards & security measures to demonstrate compliance.
- Retention periods proposed for the data.
- A description of security by default and design.
- A list of recipients of the personal data especially those outside the organisation.
- Compliance with approved conduct codes.
- A description of how data subjects are to be informed.