JavaScript required
We’re sorry, but Coda doesn’t work properly without JavaScript enabled.
Skip to content
Gallery
SAVVI
Welcome
About SAVVI
The SAVVI Declaration
SAVVI Playbook
Data Standards
Catalogue
Case Studies
Videos
News
Getting Involved
Resources
More
Share
Explore
The SAVVI Information Governance Framework
Conducting a Data Protection Impact Assessment
A Data Protection Impact Assessment (DPIA) sets lists the data that will be accessed and sets out the local Benefits, Risks, and Mitigation Measures.
The ICO provides guidance -
How do we do a DPIA? | ICO
.
Steps
1
Resources
How do we do a DPIA? | ICO
2
Initial Data Protection Impact Assessment
Read the ICO guidance.
If you have a Data Protection Officer, they will lead, or guide writing the DPIA
Using
The ICO provide a template at
dpia-template.docx (live.com)
SAVVI has expanded on the ICO template to provide a version that is relevant to a SAVVI project. See
Templates
.
3
Carry out risk mitigation actions
The DPIA may have identified a series of actions necessary to bring risk to an acceptable level. This must be carried out before processing data.
There is then an acceptable residual risk that should be monitored.
4
Unacceptable Risk
The DPIA may have highlighted data risks that cannot be immediately mitigated.
There are no rows in this table
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
Ctrl
P
) instead.