Sony Pixel Power calrec Sony

DPIA - the scary elephant in the data protection room

25/08/2023

Data Protection Impact Assessment, or DPIA for short. Even the acronym can strike fear into the hearts of those struggling with data protection compliance. But those people are not alone some experts would probably agree that it's not their favourite thing to do either. Completing a DPIA can take a lot of thought, time and effort. But, try as you might, they cannot be avoided.

What is a DPIA for?

A lot of the angst can derive from a simple misunderstanding; a DPIA is a risk assessment but not primarily to the risks your organisation faces. It focuses on the risks to the people whose data you will be using. That said, there's also a need to consider the risks your organisation could face, for example if a breach occurs. Such risks could include reputation damage, regulatory fines and even loss of business, but these can arise out of not getting the first part right. While organisational risk is reasonably well understood, it's the privacy risks that often cause the most difficulty.

Don't get too worried. The beginning of the process is simply working out whether you need a DPIA at all. This can be decided through a number of screening questions which are in the GDPR itself and have been added to by supervisory authorities and the Article 29 Working Party, an EU advisory body now replaced by the European Data Protection Board. The screening questions are relatively straightforward at first glance but do require some thought. For example, the GDPR asks: Will the processing involve special categories of data on a large scale? Let's say your plans include processing some health data but is this large scale? Well, that depends. There is no official definition of large scale' but it can be understood by looking at what type of health data is in scope: either serious medical conditions or the last time you took a day off sick and why? Is it going to be a significant number of data subjects, such as in the millions? Or maybe not a large number but a relevant proportion such as over half of the town's residents?

Let's put this into context

At this point, and before it gets too confusing, we'd like to introduce you to Sam, the man (or woman) in the street. They're used in legal and statistical discussions to represent the person who sits at the top of the bell curve - average, ordinary, your everyday Joe (or Jill). Sam is the person whose personal data you're thinking of processing. For every screening question, ask yourself what would Sam think?

Sam doesn't have a problem with your use of the personal data you're thinking about using but might get upset if you used it to decide whether they should pay a higher insurance premium. They're happy for you to have that information as the reason for its use is understood and acceptable but would be horrified if a breach occurred and their friends and neighbours could read their information online.

If there's something you think Sam would be worried about, then it's probably time to look at the full DPIA. Identify the concern and what you can do to make Sam happy. It might be additional security controls to help prevent breaches, reducing the amount of sensitive data you need to use, restricting who can access it, or making it clear you'll delete it the minute you no longer need it. Whatever will make Sam smile again is what you need to put into place. Don't know a Sam? The DPIA process encourages you to consult with others including the data subjects themselves. There are plenty of Sams out there. Then there's only one piece of the puzzle missing, your Data Protection Officer, or on-call expert, will be able to guide Sam in making informed decisions as they know the law and, more importantly, have experience in what can and does go wrong.

Don't let the thought of a DPIA scare you, it's about making sure everything is thought through and no decisions you make will cause sleepless nights for your data subjects. No scary elephants needed.

Contact us to discuss DPIAs, DPOs or anything else you're concerned about.

lang: en_GB

Our Accreditations and Certifications
LINK: https://www.resillion.com/dpia-the-scary-elephant-in-the-data-protecti...
See more stories from eurofins

More from Eurofins

04/10/2023

Strengthening Your Digital Barriers: The Vital Importance of Regular Pen Testing and Vulnerability Scanning

In today's digital landscape, where businesses rely heavily on technology to...

19/09/2023

Resillion: Supporting Energy Digitalisation

The global energy industry faces immense challenges: Net Zero targets are driving many types of energy consumption to electricity at the point of use instead o...

29/08/2023

Resillion to Serve as Exclusive CI Plus 2.0 Test Partner

As of May 2023 - Eurofins Digital Testing has changed its name to Resillion UK Limited, this name change has been reflected below in the press release from 2019...

25/08/2023

The legend of Tom, Dick or Harriet: a tale of physical security and social engineering

The following is based on real events; names and other details have been changed...

25/08/2023

DPIA - the scary elephant in the data protection room

Data Protection Impact Assessment, or DPIA for short. Even the acronym can strike fear into the hearts of those struggling with data protection compliance. But ...

22/08/2023

CPE and Home Gateway testing: what is it and what are the challenges?

High data rates for residential users have always been hindered by the last-mile bottleneck, i.e., low data rates on the last mile of the access network towar...

22/08/2023

Why you don't call your insurance provider when your house is up in flames

Your house is on fire what do you do first? You wouldn't call your insurance company to let them know your house was ablaze whilst watching the flames furt...

07/08/2023

US government launches cyber security labelling scheme for smart devices

On July 18th, 2023, the US Government announced a cybersecurity certification and labelling program for connected devices. This US Cyber Trust Mark will allow...

31/07/2023

How to implement automation when developing tests in parallel with development sprints

by Dan Martland, Technical Testing Director As we undertake many test automati...

31/07/2023

A guide to the new NIS directive (NIS2)

We previously released some guidance around the new Network and Information Security Directive (NIS2), which you can read here. NIS2 has many different areas to...

25/07/2023

Goodbye 90's QA Health Check Hello Optimisation

By Rich Mort In a past life, some years back, I attended a sales call as a Test Consultant with a fresh faced new go gettem' salesman who was determined t...

20/07/2023

Escalating privileges in Citrix ADC

Part of Citrix's solution line-up, Citrix ADC (formerly NetScaler ADC) is an application delivery and load balancing solution. In March 2023, two of Resill...

17/07/2023

Debunking the myths around Test Automation and how to supercharge your Digital Transformation Programme

Recently, Resillion ran a webinar exploring the myths (or misconceptions) around...

14/07/2023

A Look Behind the Scenes of an Intern Jonas Claes

Hello everyone, my name is Jonas Claes, a 21-year-old coffee enthusiast and software aficionado from Belgium. I'm currently pursuing a degree in computer sc...

03/07/2023

Exciting times ahead for Qi 2.0 and Ki

By Glenn Koninckx, Technical Sales Another face-to-face edition of the Wireless Power Consortium (WPC), this time in the beautiful city of Copenhagen, Denmark...

16/06/2023

NIST Consumer IoT Cybersecurity Labelling

NIST - the US National Institute of Standards and Technology has been examining labelling schemes for the cyber security of Consumer IoT products. Learn more ab...

13/06/2023

QA - Can it really drive Digital Transformation Success?

Recently Resillion ran a webinar with two of our Digital Transformation experts discussing how QA can drive digital transformation success. Although this works ...

09/06/2023

Four takeaways from the OpenADR++ Users Conference Europe

by Bill Chard Resillion was pleased to sponsor and attend the OpenADR Alliance's User Conference Europe, held in London on June 6th and 7th. Over two full d...

31/05/2023

Scaling into infinity part II

In the first part of this series, I started looking at the key components of performance when building and scaling large cloud estates. Now, I'd like to del...

30/05/2023

Interoperable Demand Side Response

Over the Winter of 2022/23, a series of significant events in the UK's electricity supply network featured in the national news. Run by the Electricity Syst...

25/05/2023

Cyber Security vs Incident Response

Your house is on fire what do you do first? You wouldn't call your insurance company to let them know your house was ablaze whilst watching the flames fur...

10/05/2023

Scaling into infinity Part I

The digital revolution has brought myriad exceptional benefits, but the one I'd like to focus on is the unifying force of shared common services; the idea t...

30/04/2023

Nulmeting en terugkerende pentesten: cruciaal voor de beveiliging van jouw organisatie.

Tegenwoordig is het geen vraag meer of je wordt getroffen door een cyberaanval, ...

11/04/2023

NIS2 what's new?

The NIS, originally adopted in 2017, has already put certain measures on the table to improve the cybersecurity of European companies that are considered critic...

16/03/2023

Matter: the new standard for Connected Home Devices

Resillion is an enthusiastic supporter of Matter, the industry-unifying standard for Connected Things, and the Certification Scheme that will underpin its succe...

04/02/2023

Navigeren in de wereld van penetratietesten: De voordelen van het CCV-keurmerk

Er zijn vele aanbieders van pentesten en onderwerpen als ethical hacking en cybersecurity in het algemeen zijn onderdeel van diverse (hogere) beroepsopleidingen...

24/01/2023

Consortium led by Resillion wins Demand Side Response testing project in the UK

Resillion announced a new project funded by the UK Department of Business, Energy and Industrial Strategy (BEIS), focused on the performance testing of Demand S...

09/01/2023

Resillion: a new name and a company with a passion for making IoT work.

London, 9 January 2023: We are pleased to announce the launch of our new company, Resillion. Combining the best-in-class expertise across Digital Testing, Cyber...

08/01/2023

Data Privacy Matters good practices by Gert-Jan

Once again, on 28th January, it is Data Protection Day - hasn't it come round fast! This was originally created by the EU back in 2007 to raise awareness of...

12/12/2022

Hacker delivers households Christmas cards via printer (NL)

Den Haag, 13 december 2022 - In 2021 waren bijna 2,5 miljoen Nederlanders slachtoffer van online criminaliteit.* Via slecht beveiligde slimme apparaten kunnen h...

08/12/2022

Hacker delivers households Christmas cards via printer (Eng)

The Hague, 13 December 2022 - In 2021, nearly 2.5 million Dutch people were victims of online crime.* Using poorly secured smart devices, hackers can penetrate ...

17/11/2022

Resillion achieves CREST SOC accredited status

Commissum is proud to announce that it has been CREST accredited for Security Operations Centre (SOC) services, further strengthening its current CREST accredit...

27/10/2022

Cyber Month: Thursday Thoughts with Thijs: phishing & ransomware

Cyber Month is coming to an end, hasn't it absolutely flown by! During this 10th anniversary of cyber month, a plethora of activities have taken place acros...

20/10/2022

Cyber Month: Thursday Thoughts with Thijs: account management

It's already the third week of this cybersecurity month . Time flies when you're having fun! That means it is also time for my third musing. During C...

13/10/2022

Cyber Month: Thursday Thoughts with Thijs: Awareness

Just because you don't immediately think of it, or can't physically see it, doesn't mean it doesn't exist - out of sight, out of mind' is a...

07/10/2022

Resillion supports the launch of Matter 1.0 and offers Certification Testing

The Connectivity Standards Alliance has this month released the Matter 1.0 standard, and a new certification program for products that connect with Matter. Sma...

06/10/2022

Cyber Month: Thursday Thoughts with Thijs: Supply-chain attack

All businesses have suppliers, fact. But have you ever considered the associated risk of a cyber-attack to your suppliers? Commonly known as either a supply cha...

04/10/2022

Ensuring smooth TV content globally

For World Testers Day, 9th September, we sat down with Programme Manager, Peter Shorrock, of our devices practice, to discuss how we make a difference in the br...

09/09/2022

International Testers Day - finding testers in times of shortages

Richard Mort, a senior consultant at independent Quality Assurance, (QA), testing and cyber security for software systems and devices company, Resillion, here e...

25/07/2022

Why is the NEXTGEN TV Logo critical to the success of ATSC 3.0 deployments in developing countries?

Dr Bob Campbell recently wrote an article about the importance of ATSC 3.0 deplo...

22/07/2022

Virtual Security Officer

When asked about my job at - say - at a birthday party, or other social event and I tell them, people pause for a few seconds, then, usually with a puzzled expr...

18/07/2022

Resillion chosen by the Connectivity Standards Alliance to host Europe's first Matter Specification Validation Event

Resillion is partnering with the Connectivity Standards Alliance (CSA), to exten...

07/07/2022

NextGen TV Logo New Updates

Resillion, in partnership with the Consumer Technology Association (CTA) and National Association of Broadcasters (NAB), is pleased to announce the release of ...

09/05/2022

Virtual Security Officer Need to Know

Protecting your organisation from outsider threat should be of utmost importance - effective cyber security measures keep both your data and systems safe and en...

07/04/2022

Is Basic Authentication too basic?

With various authentication methods available, which exactly is the best? We delve into authentication, authorisation and discuss whether Basic Auth really is j...

06/03/2022

Protected: Resillion Matter 1.2 Specification Validation Event

This content is password protected. To view it please enter your password below: Password: lang: en_GB Our Accreditations and Certifications...

12/10/2021

Eurofins and WiSA Association partner on Soundsend'

Eurofins are pleased to be working with WiSA , the Wireless Speaker and Audio Association to offer state-of-the-art testing for their award-winning SoundSend ...

27/08/2021

Behind the scenes of an Automation Engineer

Hi! My name is Kevin Vissers and I've been working at Eurofins for six years, of which the last three years as Automation Engineer at one of our clients, KB...

19/08/2021

Behind the scenes of a Senior Test Consultant (UK)

Hi! I am Andrew Taylor, Senior Test Consultant at Eurofins Digital Testing (UK). My first proper' job was as a trainee COBOL Programmer for a major Govern...