1. Privacy impact assessmentA web based tool for Privacy/Legal/Compliance teams to engage projects and changes to their organisationwww.dataprotectionofficer.comBy Ben Oguntala Ben.oguntala@dataprotectionofficer.com www.dataprotectionofficer.com

2. Introduction Project manager or business units -Start cyclecan create a project and manage the progress of their project through its milestones and can oversee how all its risks are identified and managed. EngageApprovalproject team Privacy/legal/compliance - can interface with the project team and have new projects, changes or business unit ideas assessed for risks and provide resolution.Privacy Risk Complete This solution is a web based, effective managementsurveyand collaborative solution for privacy risk management. It allows for an effective business process that allowsPrivacy both the project management teamsimpact and compliance teams to addressassessment project privacy issues as it progresses through its lifecycle. www.dataprotectionofficer.com 3. Privacy impact assessment cycle3rd partyDetail Privacy impact assessment Privacy Business unitMed &policies high risks Information Project asset1 24 management Data PIAsecurity 5Log on toPIA initial PIA tool surveyChange ISA request team 36Contract Low riskregister registerPrivacy ProjectRisk 1 PIA tool will be located on your intranet , accessible by all business units and Project Managers 2 PIA initial survey will be completed by projects and risk assessed. You can customise your PIA initial survey 3 Projects that score Low on the PIA Initial survey will have low privacy impact and be stored in the register. 4Projects that score Medium or High will require a full Privacy impact assessment by the compliance team 5Projects will be rated after their detailed PIA, those with mitigations = Low and those without Med/High 5 Privacy risk register will contains all the projects with risks associated awaiting review and resolution.www.dataprotectionofficer.com 4. Process overviewCapturing project/change privacy risk management lifecycleRisk assurancePrivacy/compliance teamForum3rd partyPrivacyRisk RiskProjectpolicies AcceptancereviewPIA form (online) form Privacy Riskmitigation Engagement Information ChangeassetSuppliersDatasecurity register Business Privacy RiskunitsISA Contract register Project www.dataprotectionofficer.com 5. Privacy project engagement solution overviewProjectPrivacyRisk Project Business management Complianceassurance manageranalystofficeor Legalforum Project registerProject ProjectPIA initialRiskManager PIA Riskregistration documentationsurvey mitigationallocationacceptance Risk review formRisk register Project A simple web based tool that capture changes to your organisations framework providing a consolidated platform to manage potential risks to your estate.www.dataprotectionofficer.com 6. The key participants Privacy Programme ProjectPrivacy ImpactRisk Assurancecompliance or managementmanagementAssessmentforumlegalLight touchProjectProject SeniorPIA survey option (Fast approvalmanagementmanagementtrack)PrivacyChangePIA project Project teamimpactRisk Register approval allocation assessment Supplier orProjectRisk ProjectPIA business unit Milestoneacceptancemilestonestakeholders approval Gate approvalform Project Riskfunding Risk review identificationcontrolThe web based tool ensures that the key participants are engaged and the business processesensures a consistent approach to all projects/changes.www.dataprotectionofficer.com 7. The business processSPMB RAF PrivacySys adminProgrammeProject office Risk consultant Risk Assurance managerofficeforum Assess Projectproject riskAcceptReview System allocation to survey assigned project riskadministration Project PMprojects registerinitiationresults SPMB AssessRisk(Programme Upload Privacy Project costresourceproject and acceptanceoffice) userscodeproject allocation carry out formallocation details risk approval assessment Privacy ProjectLegal/Compliance Handover toUpdateprojectprivacyFind risk project management resources mitigations RAF management Periodic (Risk AssuranceAssign review of the Forum) projects toRaise projectrisk register CompleteUsersrisk risk in the FRS surveyconsultant risk register The tool ensures that the business process engages the right units at the right time and ensures that there are no redundant or neglected elements within the operation. www.dataprotectionofficer.com 8. snapshots Initial PIA Survey with Score www.dataprotectionofficer.com 9. Projectregister ProjectProjectPIA initialRiskPrivacyManagerPIARisk registrationdocumentationsurvey mitigationallocation PIA www.dataprotectionofficer.com 10. The lifecycle Projectregister ProjectProject PIA initial RiskPrivacyManagerPIARisk registrationdocumentation surveymitigationallocationFor more information about implementingPrivacy Impact Assessment for your projectsplease contact: Ben OguntalaBen.oguntala@dataprotectionofficer.com07812 039 867 www.dataprotectionofficer.com