Data Protection Impact Assessment

An essential step to prepare for GDPR compliance is the Data Protection Impact Assessment (DPIA). The DPIA requires an extensive audit of your organisation’s data flows, including the type of data being held, where the data resides, who controls the data, who has access to the data, and with whom the data is shared. The goal is to provide a clear data flow map that will help you to implement measures to reduce privacy and security risks.


The GDPR encourages processes for regularly testing, assessing and evaluating the effectiveness of the privacy and security policies. 

The benefits of a consensual audit include:
  • Helping to raise awareness of data protection;
  • Showing an organisation’s commitment to, and recognition of, the importance of data protection;
  • Independent assurance of data protection policies and practices; and
  • Identification of data protection risks and practical, pragmatic,organisational specific recommendations.
An audit will typically assess an organization’s procedures, systems, records and activities in order to:
  • Ensure the appropriate policies and procedures are in place;
  • Verify that those policies and procedures are being followed;
  • Test the adequacy controls in place;
  • Detect breaches or potential breaches of compliance; and
  • Recommend any indicated changes in control, policy and procedures. 


Contact me