Carson McDowell GDPR Seminar Series - Putting the Pieces Together.

High risk processing and Data Protection Impact Assessments

15 February 2018

The GDPR imposes stricter requirements on controllers that engage in so called ‘high risk’ activities. For activities not considered ‘high risk’ controllers must still adopt measures appropriate to the risk level of the activity. But for those activities that are ‘high risk’ an organisation may be required to consult with a data protection authority and conduct a detailed privacy impact assessment before engaging in such an activity. Significantly, if a high risk data breach occurs, an organisation might also be required to notify potentially affected individuals. High risk processing activities are those that rely on new technology and are ‘likely to result in a high risk for the rights and freedoms of individuals’.

We will provide a step by step guide as to what your heightened requirements are for high risk activities and take you through a privacy impact assessment. We will deconstruct ‘risk’ and take you through examples of what a high risk activity is and illustrate how you can employ a risk analysis approach. We will arm you with a tool kit as to what your obligations are and explain when you might have to, ‘consult pre-processing’ or ‘notify - after the event’, the relevant supervisory authority. Finally, we will identify some action that you can take to mitigate high risk activities so that you can reduce the burden of the high risk requirements.

With our colleagues and workshop series we will ensure you are GDPR ready.