Conducting a Data Protection Impact Assessment

A Data Protection Impact Assessment (DPIA) sets lists the data that will be accessed and sets out the local Benefits, Risks, and Mitigation Measures.

The ICO provides guidance -

How do we do a DPIA? | ICO⁠

Steps

⁠

⁠

Read the ICO guidance.

If you have a Data Protection Officer, they will lead, or guide writing the DPIA

Using

The ICO provide a template at

⁠

SAVVI has expanded on the ICO template to provide a version that is relevant to a SAVVI project. See

⁠

The DPIA may have identified a series of actions necessary to bring risk to an acceptable level. This must be carried out before processing data.

There is then an acceptable residual risk that should be monitored.

The DPIA may have highlighted data risks that cannot be immediately mitigated.

There are no rows in this table

⁠

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.