Data Protection Impact Assessment (DPIA) Workshop

One of the new requirements introduced by the General Data Protection Regulation (GDPR) is the obligation to conduct a data protection impact assessment (DPIA) for the processing activities which are likely to pose a high risk to the data subjects’ rights and freedoms. Although Croatian Personal Data Protection Agency (AZOP) has published a list of processing activities for which it is necessary to conduct a DPIA, in reality there are still some unanswered questions about the assessment methodology and procedure.

The course is delivered as a practical, role-playing workshop and is based on real-life scenarios (e.g. CCTV and GPS monitoring of employees, profiling, biometrics and others). Participants take on different roles to represent interests of various stakeholders in the process.

This course is intended for everyone who would otherwise be participating in the data protection impact assessment within their own company or place of work – data protection officers, business process managers (marketing, HR, sales, corporate security, etc.), as well as everyone else who wants to develop in the field of personal data protection and privacy.

Course outcomes

In this course, the participants will learn:

• define the assessment methodology applicable to the organization,
• identify the need and/or an obligation to conduct a data protection impact assessment,
• lead and participate in data protection impact assessments,
• identify and assess the risks to rights and freedoms of the data subjects,
• prepare a report which includes all the necessary information,
• initiate and conduct the prior consultation procedure with the supervisory authority.