Hero Image


PRIVACY CULTURE DEVELOPMENT

How to conduct DPIAs

An in-depth course examining the legal obligations to conduct DPIAs under the UK GDPR. The course is
suitable for privacy champions and teams responsible for implementing projects, new products and services

Book Now

Course Features

Short day session 10am - 3pm

Experienced instructor

Record of attendance

Public schedule

In-company options

Course Overview

A Data Protection Impact Assessment (DPIA) is a required accountability process to demonstrate compliance with the UK General Data Protection Regulation (GDPR). Organisations use DPIAs to analyse, identify, and minimise any data protection risks while considering the benefits of a proposed business process, project or plan.

Conducting a DPIA is a legal requirement for any type of processing that is likely to result in a high risk. In the event of a data breach or a violation of the GDPR, regulatory authorities such as the UK Information Commissioner's Office (ICO) will ask to see any relevant DPIAs to understand whether appropriate technical and organisational measures were put in place to protect the rights of data subjects. Failure to provide evidence that a DPIA has been conducted will significantly increase the likelihood of enforcement action; such is their importance.

DPIAs are a risk assessment tool used to identify problems during the planning stage and throughout the development process. They help to ensure project benefits are realised on time and within budget. While the data protection officer (DPO) may recommend where a DPIA is required, the responsibility for conducting them lies with the controller. In reality, this often falls to the business function in question. 

This one-day course ensures that privacy champions and teams responsible for delivering projects understand their legal responsibilities when conducting DPIAs. It examines the requirements set out in the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA18), and follows the latest ICO guidance.

Course Costs

Book this 1-day course on conducting data protection impact assessments (DPIAs):

£395 + VAT

Package includes:

Book now

Intended Audience

This one-day course on data protection impact assessments (DPIAs) is suitable for those individuals with the following roles or responsibilities: 

  • Data protection practitioners
  • Information governance professionals
  • Governance, Risk and Compliance (GRC) professionals
  • Information security, IT security and IT professionals
  • Privacy engineers
  • AI governance professionals
  • Project and product managers
  • Business users with personal data processing responsibilities

Course Contents:

  • What is a DPIA?
  • The legal requirements for a DPIA
  • Data Protection by Design and Default
  • The benefits of conducting DPIAs for organisations and data subjects
  • When to conduct a DPIA 
  • How to conduct DPIAs
  • Who should be involved in the completion of a DPIA?
  • Consultation with stakeholders
  • Identifying the proposed information flow 
  • Identifying data protection and related risks
  • What does high risk mean?
  • How to identify if an activity is high risk? 
  • Determining whether the risk is acceptable
  • Consulting with the ICO 
  • Should the DPIA be published?

Book now

Our clients