The SAVVI Information Governance Framework

icon picker
Conducting a Data Protection Impact Assessment

A Data Protection Impact Assessment (DPIA) sets lists the data that will be accessed and sets out the local Benefits, Risks, and Mitigation Measures.
The ICO provides guidance - .

Steps

1
Resources V2.png

Resources


2
action.png

Initial Data Protection Impact Assessment

Read the ICO guidance.
If you have a Data Protection Officer, they will lead, or guide writing the DPIA
Using

The ICO provide a template at
SAVVI has expanded on the ICO template to provide a version that is relevant to a SAVVI project. See .

3
action.png

Carry out risk mitigation actions

The DPIA may have identified a series of actions necessary to bring risk to an acceptable level. This must be carried out before processing data.

There is then an acceptable residual risk that should be monitored.

4
Stop.png

Unacceptable Risk

The DPIA may have highlighted data risks that cannot be immediately mitigated.
There are no rows in this table



Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.