Privacy Assessments

When To Use Them

Data Protection Impact Assessment (DPIA)

DPIAs are a key part of the UK GDPR and will  help your business demonstrate compliance with data protection obligations.

What is a Data Protection Impact Assessment?

A DPIA is a necessary part of the privacy framework and data governance and are necessary to assess and mitigate risks in projects that are dealing with personal data. 

The DPIA is necessary when considering a new product or service. It is a process that helps organisations identify and reduce the risks of processing personal data. 

Legitimate Interest Assessment (LIA)

A legitimate interests assessment (LIA) is a risk assessment that helps organisations determine if they can process data based on legitimate interests. 

It’s a simple form of risk assessment that should be performed before processing data and regularly reviewed. 

An LIA involves:

  • Purpose test: Identifying the legitimate interest
  • Necessity test: Considering if the processing is necessary
  • Balancing test: Considering the individual’s interests and whether safeguards can be put in place

If your business uses legitimate interest as a legal basis for processing personal data then you will need to conduct an LIA and document your findings.

Simple

Our advice is easy to understand, clear and transparent.

Strategic

We assess your business, consider your needs, review how it will work for your business. 

Workable

An action plan for your business, outlining measurable, attainable and realistic tasks to ensure compliance.

Scroll to Top