The Information Commissioner's Office (ICO) has updated its guidance on data protection impact assessments (DPIAs).

What is a DPIA?

DPIAs are a tool to help organisations identify and minimise the data protection risks of new projects. The GDPR includes an obligation for organisations to do a DPIA for processing that is likely to result in a high risk to individuals. This includes some specified types of processing, and the ICO has issued screening checklists to help you decide when to do a DPIA.

The updated guidance also includes examples of processing that is likely to result in high risk. 

It's important to get it right, as a failure to carry out a DPIA when required can lead to enforcement action, including a fine of up to €10 million, or up to 2% of global annual turnover if higher.

At Markel Law we regularly comment on SME-related matters.
