Privacy Impact Assessment

A Privacy Impact Assessment helps you understand the privacy implications of your organisation’s projects, practices and technologies.

Customers, staff and others entrust your organisation with their personal information. In return, it is expected that all reasonable measures will be taken to safeguard that information.  

Confidence and trust in organisations that fail to protect the privacy of those whose information they hold will be undermined. This can result in long-term reputational damage and financial losses.

With a thorough understanding of the privacy implications of your organisation’s projects, practices and technologies, you can achieve alignment with best-practice privacy approaches and build trust in your organisation.

What is a Privacy Impact Assessment (PIA)?

A Privacy Impact Assessment, or PIA, by elevenM examines your organisation’s projects, practices and technologies to determine their potential privacy implications. 

By conducting a PIA during the planning phases of any new initiative, you can ensure privacy considerations sit at the heart of your organisation. Conducting early-stage PIAs is a best-practice approach that aligns with “Privacy-by-Design” principles. It helps avoid the need to retroactively address privacy challenges, which can be costly and time-consuming.

What are the benefits?

Ensure you are meeting your privacy compliance obligations

Identify and manage your project's privacy risks

Build long-term trust in your brand among customers, staff and others

"Privacy by Design" is more cost effective than retroactively implementing privacy controls

Methodology

elevenM works with you to determine the key outcomes you are seeking to achieve, and the privacy risks your organisation faces.

Our team of privacy consultants tailor every engagement to meet the unique circumstances of every client.

You will gain a comprehensive assessment of the potential privacy implications, along with specific, prioritised remediation activities to uplift the privacy controls of the assessed project, practice or technology.

Throughout the engagement, we use specialised tools that keep the assessment process clear, consistent and well documented.

Set the scope

What you want to assess, what types of issues you would like covered and how you would like our findings to be reported to you.

Gather information

Starting with a kick-off meeting, we begin consulting with stakeholders to collect all of the information that we need for the assessment.

Analysis

We carry out a detailed assessment, identifying compliance issues, privacy risks and opportunities for improvement. We can also document the flow of personal information associated with your project.

Reporting

We consult with you on our findings and provide you with a detailed report.

Findings management

We work with you to identify and document practical actions you can take to manage any issues identified in our assessment.

Want to be able to carry out PIAs yourself?

We provide a range of privacy services which help you build your privacy knowledge and train your staff to conduct PIAs. We also offer tailored versions of our assessment tools which you can keep and use to streamline the PIA process.

Frequently asked questions

A PIA should be conducted as early as possible whenever your organisation embarks on a new project, practice or technology.

Yes, a PIA can be conducted against existing projects, practices and technologies.

However, the best-practice approach is to carry out a PIA during the planning stages of an initiative and throughout the implementation phases. This way, privacy issues can be addressed early rather than being treated as an afterthought.

A PIA analyses a specific project, practice or technology, including its data flows, in order to determine whether the initiative is compliant with relevant privacy rules.

By contrast, a Privacy Capability Assessment (PCA) provides a holistic view of your organisation’s approach to privacy. It helps determine your organisation’s privacy maturity and whether your capabilities align with your privacy objectives.

Let's talk

We work with every organisation individually to tailor our work to your needs.