- About the ODPA
- For Individuals
- For Organisations
- Information Hub
- Events
- News
- Contact
- Careers
- Project Bijou
- Report a breach
- Make a complaint
- Register, renew or update
- Actions we've taken
- Help & Advice
In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
Data Protection Impact Assessments (DPIAs) are an important compliance tool when you are embarking on new processing or making changes to existing processes. In some cases it will a legal requirement. Find out more here:
What is a DPIA?
A DPIA is an exercise you go through to assess how proposed processing is going to impact the personal data involved.
When do you need to do one?
The Law requires that a DPIA is carried out where there is a particularly high-risk to the individuals whose data is involved. However, organisations should always assess the impact of new/revised processing practices where that involves personal data. If you are unsure whether you need to do a DPIA: ask yourself these screening questions.
Why is a DPIA important?
New processes and new technology can impact individuals in ways that are not always obvious. The DPIA is an invaluable tool which ensures that risks are understood, and appropriate measures are taken to respond to those risks.
Design and Default
The Law requires organisations to build data protection into their processes 'by design and default'. DPIAs are an effective tool to support this legal duty.
What does a DPIA look like?
Every organisation will have different requirements and processes but here's a template you can modify for your own needs.
The Bailiwick of Guernsey's independent authority which regulates data protection legislation through an ethics-based approach, empowers individuals and protects their rights, promotes excellence in data protection, and supports the data economy to embrace innovation.
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074enquiries@odpa.gg
St Martin's House, Le Bordage, St. Peter Port, Guernsey GY1 1BR
Newsletters sign-up Data Processing Notice Careers Cookies
Website by
&
Indulge
© 2021 The Office of the Data Protection Authority.