The DPIA tool for GDPR risk assessment

Written on 10 Jul 2020

At Osborne Clarke, we pride ourselves on being pioneers in legal tech, developing new digital solutions for our practice and our clients to make day-to-day legal processes more efficient and compliant. Our DPIA tool is the latest development in our ongoing commitment to bringing together cutting-edge legal advice with practical and business-oriented digital tools.

GDPR Data Protection Impact Assessments are gaining importance and adding to organisations' already heavy compliance burden, not least because they pose several challenges. Usually, various stakeholders across a company need to provide their input. Furthermore, expert legal knowledge is required to conduct a correct assessment, and that legal knowledge must then be combined with a general understanding of risk assessments and technical expertise.

To address this, we have devised a way to involve all relevant people within a structured process that ensures consistency across all data protection assessments. Our DPIA tool provides a guided standard set of questions which can be assigned to individual people within any organisation. The questions guide the user through the actual risk assessments, and a risk matrix is generated automatically. The tool also offers the possibility to monitor the process of various data protection impact assessments and, therefore, to centrally oversee all assessments.

The DPIA tool:

  • Supports the performance of data protection impact assessments according to GDPR
  • Takes into account the requirements of data protection supervisory authorities
  • Stores your entries in a secure environment and not on the servers of regulatory agencies
  • Interactively supports completion of the questionnaire and asks follow-up questions only for selected previous answers
  • Based on your answers, automatically suggests a risk assessment including the measures to be taken
  • Through system-side documentation, supports the fulfilment of data protection obligations ("accountability")

By reducing the burden around GDPR compliance and risk assessment, one has more time and resources to focus on one's core business activities.