A high risk assessment is not a term specifically noted within the GDPR or the Data Protection Act (2018). However it is common for organisations to assess activities or projects to determine if the risk associated with them might require a Data Protection Impact Assessment (DPIA). A high risk assessment is therefore a short questionnaire which is used as a pre-cursor to a DPIA and helps to assess against the supervisory authority’s criteria for requiring a DPIA.
This assessment is one way to determine if an activity should be subjected to a data protection impact assessment, although our assessment cannot possibly be exhaustive, so we recommend it is used as a guide. There is more information about why we might undertake a DPIA here.
How can ProvePrivacy Help?
ProvePrivacy allows RoPA users to review each and every activity against the high risk criteria to determine if a DPIA is required. If one is required, then ProvePrivacy provides a template a tracking tool and allows you to upload your final document as evidence.
