Data Protection Impact Assessment Guidance Notes

These Data Protection Impact Assessment Guidance Notes are designed to help you understand when a DPIA is needed and how to carry one out effectively. They are intended for use alongside the Data Protection Impact Assessment template.

A DPIA is an important part of compliance with the UK GDPR and the Data Protection Act 2018, particularly where a project involves new uses of personal data or new technologies. This document has been updated for compatibility with the UK GDPR.

Understand what a DPIA helps you assess

DPIAs are used to map the personal data involved in a proposed project and assess whether the planned processing is appropriate and proportionate. That includes considering what data will be collected, how it will be stored and used, and the lawful basis for processing.

Risk assessment is central to the process. A DPIA should help you identify potential risks to data subjects and to your organisation, assess their severity, and consider how those risks can be mitigated.

Practical guidance through each stage

These guidance notes explain the key stages of a DPIA and what should be done at each stage, drawing on guidance from the ICO and the European Data Protection Board, as published by its predecessor, the Article 29 Working Party.

The notes cover what a DPIA is, when it is required, how to carry one out, and what to do once it has been completed.

Data Protection Impact Assessment Guidance Notes is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.