DPIAs & Assessments

Privacy Assessments

There are so many 3 and 4 letter acronyms in Privacy: GDPR, DPIAs, PIAs, LIAs, TIAs. We can untangle them for you.

Usually the I and the A stand for Impact Assessment, and you’re assessing the impact on individuals’ Privacy from a particular action or processing activity.

PIAs

A Privacy Impact Assessment or PIA is what you do to assess the impact on individuals from your processing their personal data. PIAs can be informal or formal – there is no set rule or document. The only exception is the DPIA, which is defined in GDPR.

DPIAs

The Data Protection Impact Assessment or DPIA is the only PIA to be defined in GDPR, and is required when your processing is likely to result in a high risk to the fundamental rights and freedoms of individuals. But, while you do have to cover certain ground as set out in GDPR, there is still no set form to use.

LIAs

Legitimate Interest Assessments or LIAs are required when you rely on the legal basis of ‘legitimate interests’ for your processing. Privacy Kitchen has a great video on the 6 Legal Bases in GDPR.

TIAs

Transfer Impact Assessments or TIAs. The new kid on the block that’s stealing all the attention. Transfers (sharing personal data outside the UK or EEA for UK or EU GDPR respectively) are the hardest part of Privacy at present. The UK ICO intends to call the UK version a TRA, or Transfer Risk Assessment. And the TRA is very different to an EU-style TIA.

What about the Brexit Reforms?

Technically, yes, the current draft Bill does remove the need for DPIAs however it also introduces the need to make many more assessments in many more areas. Keepabl has published a simple side-by-side guide to the proposed changes regarding RoPAs, DPOs, DPIAs and DSRs. LIAs and TIAs will remain.

How we help

We can take you through all of the above, helping you make the right decisions against your risk profile.

SeeĀ all our Services