Privacy Impact Assessments
A privacy impact assessment identifies and reduces privacy risk in a specific system, product or program, covering data flows, collection, use, disclosure, consent, retention and safeguards, with clear recommendations.
For teams launching or changing something that handles personal data.
This fits organizations launching a system or program that processes personal data, and any team a regulator, customer or internal policy requires to produce a PIA before go-live.
Specialist division: Data Privacy Officer leads engagements of this type.
A complete PIA.
- Data-flow mapping for the system in scope
- Collection, use and disclosure review
- Consent and notice review
- Retention and safeguard review
- A clear, ranked set of recommendations and a completed PIA document
What you get out of it.
- Go-live confidence: A documented privacy review that lets the project proceed.
- Risk reduced early: Privacy problems caught before launch, not after.
- A reusable record: A PIA you can show a regulator or customer on request.
The engagement, step by step.
- Discover: We scope the system and the personal data it touches.
- Assess: We map data flows and test them against privacy principles.
- Prioritize: We rank privacy risks by likelihood and impact.
- Build: We define safeguards and design changes.
- Report: We deliver the completed PIA and recommendation list.
- Support: We help the team implement the agreed safeguards.
What you receive.
- Completed privacy impact assessment document
- Data-flow documentation
- Prioritized recommendation list
- Summary for project and privacy leads
Common questions.
When do we need a PIA?
How long does a PIA take?
Who leads this?
Need a PIA before go-live?
Tell us about the system and the deadline. The first conversation is free and there is no obligation.