Data Privacy Services: Data Protection Impact Assessment

PRIMARY CONTACTS:
Eric M. Wright CPA, CITP
Eric M. Fair CISA, CDPSE, CBCLA 

A Data Protection Impact Assessment (DPIA) is a process to help identify and minimize data protection risks to an organization. To assess the level of risk, you must consider both the likelihood and the severity of any impact on data subjects.

When is a DPIA required?

Whenever processing is likely to result in high-risk to the rights and freedoms of individuals. Required at least in the following cases, under GDPR:

  • A systematic and extensive evaluation of the personal aspects of an individual, including profiling;
  • Processing of sensitive data on a large scale;
  • Systematic monitoring of public areas on a large scale

It is also good practice to perform a DPIA as a baseline or for any major initiative which requires the processing of personal data.

Your DPIA must:

  • Describe the nature, scope, context and purposes of the processing;
  • Assess necessity, proportionality and compliance measures;
  • Identify and assess risks to and impact on data subjects; and
  • Identify any additional measures to mitigate those risks.

Additional Schneider Downs Data Privacy Services

Business Process and Data Flow

A critical component to understanding how an organization’s data (oftentimes consumer data) travels throughout its lifecycle is to develop business processes and data flow diagrams. Learn More

Data Privacy Control Assessment

Regardless of whether your data privacy program was recently established or tenured, it’s important to assess its ongoing effectiveness in today’s ever-evolving technological world. Learn More

NIST Privacy Framework Compliance

The NIST Privacy Framework is intended to be leveraged as a foundation to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. Learn More

Privacy by Design

Our approach to Privacy by Design ensures that privacy and security controls are aligned with an organization’s tolerance for risk, its compliance with regulations, and its commitment to building a sustainable privacy-minded culture.  Learn More

Privacy Regulations and Compliance

Prepare your organization for compliance with data privacy regulations including GDPR, CPRA, CCPA, New York SHIELD Act, GLBA and HIPAA. Learn More

About Schneider Downs Data Privacy Services

At Schneider Downs, our IT Risk Advisory Practice has a team of professionals who specialize in data privacy. Our team not only understands the evolving data privacy regulations but also the technologies that allow for opportunities to enable controls in the effort of reducing and protecting the data footprint and ongoing risks of non-compliance. 

Learn more at www.schneiderdowns.com/data-privacy-services or contact us for more information.

case studies

 
Let’s discuss preventing ransomware attacks on your company. Email me directly <a href='mailto:twarren@schneiderdowns.com?cc=contactSD@schneiderdowns.com'>here</a>.
big problem:
Let’s discuss preventing ransomware attacks on your company. Email me directly here.
big thinking:
Company impacted by ransomware.
 
Let’s discuss opportunities to reduce your company’s tax burden. Email me directly <a href='mailto:dmorally@schneiderdowns.com?cc=contactSD@schneiderdowns.com'>here</a>.
big problem:
Let’s discuss opportunities to reduce your company’s tax burden. Email me directly here.
big thinking:
Inefficient tax credit realization.
our thoughts on
Estates and Trusts Tax Update - November 2021
International Fraud Awareness Week 2021
Tax Reform 2021 - Build Back Better: Proposed Changes to Section 199A Qualified Business Income Deduction
Proposed Legislation Targets Estate and Gift Tax Planning
IRS Provides Taxpayer-Friendly Guidance for the Employee Retention Credit

contact us