


GDPR: Simplifying the Data Protection Impact Assessment Requirement


The EU’s new General Data Protection Regulation (“GDPR”) introduces the concept of a Data Protection Impact Assessment (“DPIA”), defined as an analysis of the risks that processing operations pose to the “rights and freedoms” of data subjects. This means that if your company processes the personal data of EU citizens, you may have to perform a difficult-to-define type of assessment to ensure compliance with the GDPR.

Unfortunately, when it comes to deciphering these requirements, uncertainty remains a problem for many companies attempting to comply. In this whitepaper we explore the circumstances in which a DPIA may be required and what that assessment may look like in practice. Specifically:

  • Part 1: Developing a defensible approach to defining the circumstances in which a DPIA is required, and
  • Part 2: Developing a formalized and documented approach to performing a DPIA, prior to the start of data processing, once you have determined that one is in fact necessary.

Team Specialist

Phil Brudney


Philip leads Security, Privacy, and Compliance research and quality assurance at risk3sixty. He oversees privacy and attestation reporting and is the co-quality assurance manager for the assurance practice where he is responsible for ensuring each engagement meets risk3sixty’s rigorous quality standards in line with AICPA requirements. Phil leads development and peer review of thought leadership, research, and whitepapers. In addition, Phil acts as the Data Protection Officer (DPO) for a wide array of US based firms facing GDPR compliance.
