Safeguard your company’s data with privacy impact assessments (DPIAs).

Mitigate the risks to the rights and freedoms of individuals and stay in compliance with the GDPR.

Join 100+ leading organizations that have trusted us with their GDPR compliance.

Start by figuring out whether or not you need to conduct a PIA.

A data privacy impact assessment (DPIA/PIA) is an internal evaluation of how personally identifiable information is handled for a given data processing activity. A PIA is conducted to ensure compliance with regulations, outline potential privacy risks, and identify potential ways of reducing those risks.

In this way, a PIA is both an analysis and a formal document outlining the data collection process and the findings of the analysis.

To know whether or not you need to conduct a PIA, you’ll need to evaluate your data collection activity against two sets of criteria (international and national). The international criteria comprise 10 conditions as per the G29. The national criteria are based on where you are conducting the data collection.

Wondering how you conduct a PIA? Here’s our approach.

We begin by interviewing the internal team to determine the process and strategies being carried out for the specific data processing activity.
We look to understand the security measures in place for both your IT team and the software being used to collect, manage, and store your data.
For each principle of the GDPR, we outline how the process addresses it and structure this information into a formal report.

We carry out a risk analysis against three criteria: the potential for loss of data, disclosure of data, and alteration of data. We assess the risks to the privacy of the data subjects and how they are currently being mitigated by the security measures implemented.

We conclude the PIA by highlighting all the areas where your processing activity is non-compliant with regulatory standards and then provide a comprehensive plan of action and recommendations to achieve compliance.

Determine the necessity of a PIA.

Check how your data collection activity scores against the G29 criteria to determine if a PIA is a necessity.

Get in touch with one of our GDPR compliance experts.

Whether you have a clear idea of your DPO needs or not, our team can help point you in the right direction and understand what needs to get done.

The data collected on this form are intended for DPO Consulting. They are used to process your request. They are also used for prospecting purposes unless you express your opposition by ticking the box below. Mandatory data are indicated on the form by an asterisk. In accordance with EU Regulation 2016/679 of 27 April 2016 on the protection of personal data and the amended Law "Informatique et Libertés" of 6 January 1978, you have the right of access to, rectification, deletion, and portability of your personal data, as well as the right to limit and object to its processing. You can exercise these rights by sending an email to the following address: dpo@dpo-consulting.com.

Commonly Asked Questions

Privacy Impact Assessments (PIAs) identify, evaluate, and mitigate the risks associated with the processing and use of personal data that your organization collects.