Privacy Impact Assessments
Privacy impact assessments (or data protection impact assessments) are a great way to assess the impact of any changes on the data you control or process. They’re considered best practice and are mandatory for government bodies. They clearly demonstrate the process that was used to consider the impact on personal data for any change that’s made. For example, if you were thinking of changing the configuration of your reception area you’d need to consider whether personal data was visible to your guests and if it was, what the impact of that might be.
Under the GDPR, which becomes law on 25th May 2018, privacy impact assessments are required for any high risk processing activities.