Resources
Reference materials
Regulation
Professional services
10. Data Protection Impact Assessment
Where the firm will be undertaking a new activity that involves a high risk to the rights and freedoms of a data subject, the firm is required to undertake a data protection impact assessment.
Some examples of high-risk activities are large-scale processing, large-scale systematic monitoring and so on.
More information on Data Protection Impact Assessments is available on the Data Protection Commission website and from the European Data Protection Board: Data Protection impact assessments High risk processing | European Data Protection Board
Right column
GDPR Guidance
Browse other Law Society guidance on the General Data Protection Regulation (GDPR) through the links below.
- 1. Understanding obligations
- 2. Being accountable
- 3. Communicating with staff and service users
- 4. Data subject rights
- 5. Data Subject Access Requests (DSARs)
- 6. Lawful basis for processing personal data
- 7. Consent
- 8. Processing Children's Data
- 9. Data Breach Protocol
- 10. Data Protection Impact Assessment
- 11. Data Protection Officer
- Considering appointing a DPO - issues to consider
