A Data Protection Impact Assessment (“DPIA”) is a type of risk assessment in which an organisation identifies the data protection risks associated with particular processing activities and determines how to best minimise those risks. In many countries, conducting DPIAs is a legal requirement in certain circumstances. Regulators may even wish to see your DPIAs to ensure compliance, such as in response to reporting a data breach. To help streamline the cumbersome process of completing DPIAs, the 9ine App DPIA feature provides an easy-to-use system that captures the requisite information.
Objectivity is important when it comes to understanding risks. Your school should have a consistent and standard approach to determine when a DPIA is required. The 9ine App accomplishes this through the use of consistent screening questions which enable efficient identification of when a DPIA should be performed. Within the context of safeguarding processing activities, for example, because those involve children, special category data, and in many cases technology, a DPIA is almost always required.
DPIAs are an ongoing effort, not simply a one-time occurrence. Maintaining your school’s DPIAs requires the continual assessment of risks associated with your processing activities. With safeguarding activities, for example, there are ongoing risks that need to be managed. These include access to safeguarding information, information handling and security. Without considering ongoing risks, you cannot discharge your compliance obligations. The 9ine App has been designed to provide a consistent approach to assessment, evaluation and management - reducing the time necessary to create and manage DPIAs and enabling the visibility of privacy risk management across the school.
In many cases, the completion of a DPIA requires input from numerous stakeholders. The data owner of a DPIA relating to safeguarding is likely to be your school’s Designated Safeguarding Lead or Child Protection Officer. However, as technology is likely to be used, a school’s IT department will likely need to be involved, as will your school’s data protection lead and senior management. The 9ine App enables this collaboration via an Intelligent workflow design which enables a school to control who needs to be notified when a new DPIA is created. You can even allocate tasks and risks for each of those stakeholders to manage and complete - automating the governance responsibility and reducing ad hoc communications and unmanaged emails.
Many schools use specialised software to manage safeguarding incidents, creating a central view of safeguarding incidents in the school. In these cases, the third-party software provider is likely to be a ‘data processor.’ When using data processors, schools (as data controllers) need assurance that the processor is compliant with data protection laws when processing personal data. The 9ine App assists with this by providing a single, simplified interface for viewing and assessing relationships with external parties. This enhances your school’s ability to meet regulatory requirements concerning data sharing and contracts. Whether you work with joint controllers, data processors, or other third parties, DPIAs allow you to track international data flows, document data sharing arrangements and steward compliance requirements.
After data protection risks are identified in the DPIA process, it is pertinent to reduce those risks, such as by putting in place sufficient technical and organisational measures. The 9ine App DPIA feature allows you to identify the measures to be implemented and allows you to objectively evaluate the residuals risks of processing. The documentation of these decisions enhance your school’s ability to satisfy the accountability requirements in order to demonstrate compliance.
The 9ine App gives you the power to manage risks associated with any processing activity your school conducts.