GDPR
In accordance with the General Data Protection Regulation (GDPR) Article 35, Data Protecion Impact Asssessments (DPIAs) are mandatory for new systems and procedures where personal information is being processed.
One of the first considerations is whether or not the service or product that is to be introduced will be handling any personal data.
Personal data can come in many forms and is capable of identifying an individual, whether that’s by itself or in conjunction with any other item of data which taken together could identify someone.
If a project means that personal data will be used in any way, or a supplier may be dealing with personal data, a Data Protection Impact Assessment (DPIA) will need to be completed to help consider the implications and to comply with the General Data Protection Regulations.