Data Protection Impact Assessment: 8 Wk

Lighthouse Global

Empowering teams to understand, map, and mitigate data privacy risk with Microsoft 365.

Following Schrems II, organizations that use US-based cloud service providers face greater uncertainty related to GDPR requirements than ever before. The Privacy Shield is now gone and Standard Contractual Clauses, for so long the bedrock of EU-US data transfers, are no longer sufficient. As a result, many organizations have delayed a decision to assess a move to Microsoft 365, and some organizations that were mid-project have paused their work until there is further clarity and/or the EU Data Boundary is in place.

Data Protection Impact Assessments help organizations that are considering adopting Microsoft 365, or that have a stalled implementation, to understand and mitigate any GDPR-related risks and concerns. Through this process we help organizations map and mitigate those risks, so that they can move forward confidently with adoption of Microsoft 365 without the need to wait until the EU Data Boundary is in place. The steps we follow include:

  1. Risk Identification: Lighthouse experts review internal data to identify risks related to GDPR data privacy requirements for your organization.
  2. Roadmap to Risk Mitigation: Our team provides specifics on how to manage any identified risks through a combination of people, process, and technology options.
  3. Accelerated Adoption: With a DPIA, organizations can unstick Microsoft 365 projects stalled because of concerns around data privacy risk related to GDPR.

A structured 8-week engagement consisting of 5 phases

Set the Foundation

  • Identify core team
  • Confirm visions, goals, and strategy
  • Develop roles & responsibilities
  • Tailor DPIA methodological approach

Define the scope

  • Define and document Threshold Test and decision
  • Create needed tools such as questionnaires
  • Document data flows


  • Consult with data subjects, stakeholders
  • Assess legal bases for processing
  • Identify and categorize risks
  • Calibrate risks


  • Drive stakeholder understanding and alignment
  • Workshop findings to develop mitigation strategy
  • Re-assess risks with mitigations
  • Validate final risk assessment and formalize with stakeholders


  • Identify controls
  • Define governance / maintenance plan
  • Implement
