GDPR GUIDANCE (4) DATA PROTECTION IMPACT ASSESSMENT

It is important to note that Data Protection Impact Assessments (“DPIAs”) are not a new concept: they were recognised procedures that organisations used for compliance under the EU Data Protection Directive 95/46/EC, prior to the introduction of the Gibraltar GDPR. However, conducting a DPIA is now mandatory under the Gibraltar GDPR for all data processing that is “likely to result in a high risk to the rights and freedoms of natural persons” (see Article 35(1) of the Gibraltar GDPR).

Although undertaking a DPIA is not always compulsory, organisations may find it useful to conduct one as the procedure is designed to help identify and minimise the privacy risks of new projects or policies. Therefore, a DPIA is an important tool for accountability that will help organisations comply with Gibraltar GDPR/DPA requirements, including the requirement for organisations to demonstrate that appropriate measures have been implemented to ensure compliance with data protection.