Tell senior people in your organisation that Data Protection Impact Assessments are a vital legal requirement, and some of them might be persuaded but others may switch off. Tell them it’s a vital way to ensure that projects aren’t derailed or implemented with problems that will need to be fixed down the line, and you’re telling a better story. It doesn’t end there. As part of your DPIA, you’ll need to use your imagination, to tell a story of how your plan to use personal data might work, and how it might go wrong for the people affected by it. This isn’t legalistic box-ticking: this is storytelling.

This is a practical session that deals with carrying out a DPIA on a specific project. We look at each stage of the process: When should you get started? How do you address the GDPR principles? How do you identify risks and what methodologies can you follow to assess them properly? When should you change the project, and when can you accept that some risks are essential to the business? What kind of mindset do you need to adopt when running your DPIA? What kind of risks do you need to take account of (HINT: it’s not just data protection risks).

Including examples of templates and processes that work well (and also some approaches that will sink you), this practical and entertaining course will set you up to get more out of the DPIA than just a document to show to the auditors.

We’ll also consider the wider issues of DP by Design and how to achieve an approach that deploys that approach in an intelligent way.