• Academy
  • DP403: Assess and Mitigate Data Protection Risks using a Data Protection Impact Assessment (DPIA)
Back to Academy

Assess and Mitigate Data Protection Risks using a Data Protection Impact Assessment (DPIA)

Course Objectives

A Data Protection Impact Assessment (DPIA) is a robust and widely used instrument to assess and mitigate risks to personal data. It may also be described as a risk-management process as using a DPIA involves various steps to identify and assess risks and consider how best to mitigate them in a manner that is acceptable to an organisation (for example, in line with its risk appetite) and to meet applicable legal standards under Singapore’s Personal Data Protection Act 2012 (PDPA).

This course will provide participants with a sound understanding of how to conduct a DPIA, covering key issues such as what are risks to personal data, identifying risks, assessing risks in line with organisational risk-management frameworks and determining when and how to mitigate a risk. At the end of the course, participants will be able to apply what they have learned within the context of their organisation to impact their organisation’s risk management processes particularly in relation to data protection risks.

Who should attend?

This course is essential for anyone who wishes to develop a good practical understanding of data protection risks and how to assess and mitigate them.

  • Data Protection Officers (DPOs) and Compliance Professionals
  • Data Protection / Privacy Counsels and Corporate Counsels
  • Data Scientists and Data Analysts
  • Information Technology (IT) and Cybersecurity Professionals
  • Human Resource (HR) Professionals
  • Executives, Managers, and Staff involved in the management, collection, use or other processing of personal data

Course Details

Course Code: DP403 
Title: Assess and Mitigate Data Protection Risks using a Data Protection Impact Assessment (DPIA)
Duration: ½ day (approximately 4 contact hours) + optional Workshop (2 contact hours)
Mode of Training: In-person
Available Date(s): 16 June 2025
Time: 9.00am - 1.00pm + 2.00pm - 4.00pm (SGT)
Venue: Drew & Napier LLC, 10 Collyer Quay, 10th Floor, Ocean Financial Centre, Singapore 049315
Course Fee: S$500.00 + optional S$250.00 workshop fee (excluding GST)

Course Outline

  • Overview of data protection risks under the PDPA
  • Identifying a risk in the context of different data processing activities
  • Assessing data protection risk using a Risk Assessment Matrix
  • Strategies for mitigating data protection risks
  • Documenting the risk management process using a DPIA
  • Assessing the effectiveness of the DPIA and the risk management cycle

Course Facilitator

David-N-Alfred-CV.jpg
 
David N. Alfred
 

Director, Corporate &
Finance

Co-Head, Data Protection,
Privacy & Cybersecurity
Practice

Co-Head and Programme
Director, Drew Data
Protection &
Cybersecurity Academy