Privacy Impact Assessments (PIA/DPIA)

Does your team understand the difference between a Data Protection Impact Assessment (DPIA) and Privacy Impact Assessment (PIA)? Do you know which to run? And when?  Are you required by current privacy legislation to document and furnish PIA/DPIA documentation in order to demonstrate compliance?

Did you know data controllers in Jamaica are required to annually submit Data Protection Impact Assessments annually to the Jamaican Information Commissioner, with respect to all data in their possession?

DPSA CAN HELP minimize the confusion.

A properly drafted PIA can be used to meetCPRA and VCDPA requirements and to flag when a full DPIA is needed.

We will design a custom workflow that fits your organization’s needs and helps you determine whether you need a DPIA or a PIA. Our process begins with a Privacy Threshold Assessment (PTA) to determine if there is enough risk (or new risk) to warrant a PIA.

Then, a PIA tailored to your company will evaluate privacy and security requirements across regulations – DPSA’s “smart” assessment questionnaires allow for early exits and will take the team directly into the DPIA, if needed.

DPSA will help you understand risk and provide the actionable recommendations to bring it in line.