DPIAs and DTIAs – Reducing The Fear


A key and mandatory requirement of the GDPR is the need to conduct a data protection impact assessment (DPIA) when the processing of personal data is likely to result in a high risk to the rights and freedoms of individuals.  A DPIA is a crucial risk management tool enabling controllers to identify specific data protection risks and then implement data security and other measures to mitigate, or even exclude, those risks.

Failing to perform mandatory DPIAs not only breaks the current law (Article 35 of the UK GDPR), it also increases the chances of data loss or other breaches of data subjects’ rights and freedoms, not to mention the reputational damage, financial claims and increased cyber insurance premiums that come with those infringements.

A data transfer impact assessment (DTIA) is a process used to assess the privacy risks associated with transferring personal data from one jurisdiction to another. Should your organisation be looking to send personal data to a ‘third country’ outside of the EU, it is required to conduct a DTIA (or transfer risk assessment, as they are also referred to) in order to identify and mitigate any potential risks to individuals’ privacy.

Whether you are a seasoned DP practitioner or just beginning your compliance journey, navigating your way through these mandatory requirements and conducting DPIAs and DTIAs can be tricky and is likely to entail some difficult conversations and challenging decisions. In this webinar, URM will be sharing its experiences and practical tips drawn from helping organisations successfully implement these assessments. By attending this webinar, you will receive clear and jargon-free answers to the following questions:

Data Protection Impact Assessments

  • What is a DPIA (and what is it not)?
  • When are DPIAs required?
  • What are the triggers and objectives of conducting DPIAs?
  • What is the balancing test?
  • How do you meet your accountability obligations?
  • Who are the typical internal and external stakeholders when conducting a DPIA?
  • What templates and processes can you use?
  • What are the common misconceptions?

Data Transfer Impact Assessment

  • What is a DTIA?
  • Why are they required, and when?
  • What process do you need to go through?
  • Who are the typical internal and external stakeholders?
  • What tools and supervisory authority guidance are available?
  • What is the significance of the EU-US Data Privacy Framework?

Register for the event

Please note, we can only process business email addresses.

Did you miss the live event? Do not worry. We have recorded the webinar for you. Please register using the form below and we will provide you with the link to the recorded webinar when ready.
