GDPR: Data Protection Impact Assessments

With under a year to go until the GDPR applies, we now have more guidance on what the requirements for data protection impact assessments (DPIAs) mean in practice. The EU Article 29 Working Party has published Guidelines on DPIAs, as well as related Guidelines on DPOs, and the Information Commissioner’s Office has published a discussion paper on profiling and automated decision-making, which are activities for which a DPIA may be required.

Read Olivia’s article: "GDPR: Data Protection Impact Assessments" published by SCL (

Olivia Whitcroft, principal of OBEP, 18 July 2017

This article provides general information on the subject matter and is not intended to be relied upon as legal advice. If you would like to discuss this topic, please contact Olivia Whitcroft using the contact details set out here: Contact Details