Data Protection Impact Assessment - DPIA

A Data Protection Impact Assessment (DPIA) can be used to identify and fix potential issues at an early stage and is an effective way to take a ‘privacy by design’ approach. DPIAs are already seen as good practice and the GDPR takes them a step further by making them mandatory in the following circumstances:

  • When using new technology
  • For data processing that presents a high risk to individuals’ rights and freedoms, such as systematic profiling
  • Large scale processing of special categories of personal data relating to criminal convictions
  • Large scale, systematic monitoring of public areas – notably CCTV

Need help with a DPIA?

For help and support conducting a DPIA, call 0800 783 2179 or submit our DPIA enquiry form.

How can Lloyd’s Register help?

Lloyd’s Register can carry out a DPIA on your behalf as well as provide DPIA training that gives practical guidance on how to conduct DPIA’s within your organisation. 

Our one-day, in-house workshop will help you to understand:

  • What a DPIA is and when one should be carried out
  • Your national regulators’ recommendations and guidance
  • The stages of a DPIA and what to do in practice
  • The relationship between conducting DPIA’s with other risk and project management activities, such as other risk assessments or data protection audits
  • What legal and compliance issues you will need to consider within your organisation.

If you would like an impartial organisation to conduct a DPIA on your behalf, Lloyd’s Register can help. Your DPIA will be carried out by one of Lloyd's Register’s risk management specialists who have an in-depth knowledge of the GDPR requirements and the risk management methodologies relevant to data protection.  You can also use this as an opportunity to mentor internal staff. 

GDPR DPIA Factsheet

Download Lloyd's Register's DPIA factsheet and learn how our training and assessment services can to help your organisation comply with the GDPR.