Lauren Wills-Dixon discusses how to identify and assess data risk

Lauren Wills-Dixon, senior lawyer and data privacy expert, has contributed to an article by leading business publication Raconteur discussing how to identify and assess data risk.

The comments were used as part of a wider insights piece looking at SaaS data and data strategy.

When looking at identifying the business impact of any risks, Lauren says that organisations should conduct a data protection impact assessment (DPIA). This is an internal document which can help businesses identify its processing activities.

It can also determine if the business has a lawful basis to use that data in the intended way, document types of personal data involved, identify risks and mitigation efforts.

Lauren said: “A DPIA is required for “high risk” processing activities which could impact on an individual’s rights and freedoms. It’s good practice to implement at the start of development of a new project or technology – but in any case, before any processing activity takes place.”

However, Lauren argues that for many organisations, privacy is still not a high priority.

Lauren added: “We see many organisations considering privacy as an afterthought which is often too late to mitigate inherent business risks given the damage is already done.

“In a world where AI processing is growing and risks are somewhat unquantifiable, impact assessments are of ultimate importance and help set standards in businesses when it comes to adopting novel technologies or otherwise engaging in high risk activities.”

You can read Lauren’s comments within the full piece in Raconteur here.

Our data privacy lawyers provide specialist, practical and straight-forward advice. Find out more about what they can do for you.