The SAVVI Information Governance Framework

Conducting a Data Protection Impact Assessment

A Data Protection Impact Assessment (DPIA) is a process designed to help systematically analyse, identify and minimise the data protection risks of high risk processing. It also helps to assess and demonstrate compliance with other data protection obligations.
A DPIA should list the data that will be accessed and set out the local Benefits, Risks, and Mitigation Measures.
The ICO provides guidance - .

Steps


Resources



Initial Data Protection Impact Assessment

Read the ICO guidance.
If you have a Data Protection Officer, they will support or guide the writing of the DPIA.
Using

The ICO provide a template at
SAVVI has expanded on the ICO template to provide a version that is relevant to a SAVVI project. See .


Carry out risk mitigation actions

The DPIA may have identified a series of actions necessary to bring risk to an acceptable level. These must be carried out before processing data.
There is then a residual risk that should be monitored.


Unacceptable Risk

The DPIA may have highlighted high risk processing that cannot be promptly mitigated.