New* Data Protection Impact Assessment (DPIA) Workshop

Provided by

Enquire about this course

About the course

Data Protection Impact Assessment (DPIA) Workshop

Use data protection impact assessments to minimise privacy risks and comply with the EU GDPR

A data protection impact assessment (DPIA) is a key risk assessment process outlined in the requirements of the EU General Data Protection Regulation (GDPR). It helps organisations make an early evaluation of the impact a business process might have on the privacy of the individuals involved, and ensures compliance with the UK Data Protection Act and EU GDPR.

The Information Commissioner’s Office (ICO) already recommends that privacy impact assessments are conducted to assess the privacy risks for all policies and projects involving the use, collection and disclosure of personal information, and the government’s Security Policy Framework mandates their use by all government departments.

In order to comply with the GDPR, organisations will be required to perform a DPIA where the processing of personal data involves high risk to the rights and freedoms of individuals. In particular, a DPIA will be required for automated data processing activities, including:

  1. Profiling leading to decisions that produce legal effects for the individual.
  2. Large-scale processing of certain types of data.
  3. Systematic monitoring of a publicly accessible area on a large scale.

The IT Governance DPIA Workshop will explain how to develop a DPIA, implement the project, monitor the results and take action where required. When conducted at the start of a project, a DPIA will help organisations identify and resolve problems at an early stage, reducing the associated costs and potential damage to reputation.

Course Agenda
Course Timetable:

Day 1: 09.30 – ~16.30
What will you learn on this course?

  • The principles of data protection impact assessment (DPIA).
  • The legal requirements for a DPIA
  • Getting started: how to conduct a DPIA.
  • Determining whether the risk is acceptable.
  • How to develop a data protection impact assessment procedure.
  • How to create and implement more efficient project processes.
  • Monitoring the results and understanding when to take action.
  • How to track the outcomes in order to take the appropriate remedial actions.
  • Why and how to conduct a data flow mapping exercise

Who should attend the course?
The course is aimed at managers who are responsible for ensuring that their organisation is fully compliant with its data privacy obligations. This includes data privacy/protection, compliance, HR, IT and contracts managers. The course is particularly relevant to people who work in organisations that process large quantities of personal information, such as government departments, universities, charities and market research companies.

Duration: 1 Day

Cost: £495 + VAT

GDPR Training Scotland, Inverness, Glasgow, Edinburgh, Aberdeen and onsite courses throughout Scotland


Start date Location / delivery
No fixed date Glasgow, Aberdeen, Inverness, Edinburgh

Related article

Cyber security – why bother? Most people’s perception of cyber-attacks are either of someone in a darkened room trying to take down web sites, or c...