Data Protection Impact Assessments (DPIAs)
A data protection impact assessment (DPIA) is a process to help you identify and minimise risks associated with processing personal data. For many years, conducting DPIAs has long been considered a best practice activity, but has taken on greater significance with the GDPR where they are mandatory for any processing that is likely to result in a high risk to individuals. Conducting DPIAs will also reduce the probability of data loss or breaching data subject rights and freedoms. An effective DPIA can also bring broader compliance, financial and reputational benefits, helping you demonstrate accountability and building trust and engagement with individuals and should become standard practice in every organisation. URM’s DP consultants are able to advise you on where you should be conducting DPIAs but, more importantly, how to conduct them and what the outputs should be, e.g., identifying and assessing risks to individuals taking into account both likelihood and severity of any risk, as well as identifying any additional measures to mitigate those risks. URM’s team can also provide a review service to ensure you take the right actions.
Get in touch
Please note, we can only process business email addresses.
Why URM?
Track record
URM’s DP and GDPR consultants have extensive ‘real world’ experience as both practitioners and subject matter experts working at a senior level within business and in their data protection consulting roles advising organisations on best practice. With a 17-year track record assisting organisations to comply with legislation such as the Data Protection Act, the GDPR and local country-specific legislation, URM has earned a reputation for adopting a pragmatic and business appropriate approach.
Flexible service offerings
A key differentiator between URM and other data protection service providers is our flexible service offerings. Our virtual DPO service can be customised to your precise requirements, in terms of the type of support you require and the frequency of site days (remote or on site) etc. Equally, with our remediation support, URM can assist you address any gaps identified and achieve full GDPR compliance. We can also help you maintain that compliance with GDPR auditing services.
Knowledge transfer
URM prides itself on its knowledge transfer philosophy and training expertise which helps to ensure that you not only understand what the principles and requirements of the GDPR are but how to best meet them.
ICO Enforcement Action January – June 2024
URM’s blog reviews ICO enforcement activities for the 1st half of 2024, highlighting trends & shifts in how it enforces against data protection breaches.
URM’s blog explores a recent ECJ ruling which dictates that oral job references are covered by the GDPR
URM’s blog explores the data protection considerations for data analytics tools, and how to reap their many benefits while still maintaining GDPR compliance.
URM’s blog explores the first formal European response to the DPDI Bill, and how the Bill may jeopardise the UK’s adequacy status when it reforms the UK GDPR.