Data Protection Impact Assessment (DPIA)
A Data Protection Impact Assessment (DPIA) is a critical process for evaluating and mitigating the privacy risks associated with processing personal data. Conducting DPIAs is not just a regulatory requirement under the General Data Protection Regulation (GDPR) and other privacy laws; it's a foundational element of our commitment to data protection by design and by default. A DPIA is mandatory in situations where data processing operations are likely to result in a high risk to the privacy rights of individuals.
Roadmap
| Phase | Date | Description |
|---|---|---|
| Assessment Phase | December 2023 | Evaluate the need for a DPIA based on new or significantly altered data processing activities. |
| Planning Phase | January 2024 | Outline the scope, objectives, and methodology of the DPIA, including stakeholder engagement plans. |
| Discovery Phase | February 2024 | Catalog and assess data processing activities, identifying the types of data collected, processed, and stored. |
| Start of Implementation | February 2024 | Implement measures to address and mitigate any identified privacy risks, enhancing data protection practices. |
| Assessment report | April 2024 | Finalize and document the DPIA findings, including risk assessment results and mitigation measures implemented. |
Status
We have completed conducting our Data Protection Impact Assessment (DPIA), which is an essential step in our commitment to data privacy and protection. This process is aimed at thoroughly assessing and mitigating any privacy risks associated with our data processing activities. We are dedicated to ensuring the highest standards of privacy and data protection for all our users.
We've completed our DPIA for 2024, and this will be annually revised to ensure we monitor any new, changes, or updates to our data privacy risks.