Data Protection Impact Assessment Guidance Notes
When planning a new project that involves personal data, particularly one which envisages a new use for that data or involves new technologies, a Data Protection Impact Assessment (sometimes also referred to as a Privacy Impact Assessment) is an important part of complying with the UK's data protection legislation (including the UK GDPR and the Data Protection Act 2018).
This document has been updated for compatibility with the UK GDPR and is ready for use from the start of 2021.
Data Protection Impact Assessments (DPIAs) are designed to help you map out the data flows involved in a proposed project. What data will be collected? How will you store it? How will you use it? On what lawful basis? Many questions should be asked in order to determine whether your proposed use of personal data is appropriate and proportionate, taking into account your overall goals.
Risk assessment plays a central part in a DPIA. You should identify all potential risks posed to individual data subjects (and indeed to your own organisation) and assess the severity of those risks. Having done so, it is important to consider and decide how you will mitigate them.
These Data Protection Impact Assessment Guidance Notes have been created as an essential guide to the DPIA, setting out the key stages, and explaining more about what you should do at each stage and why, drawing on guidance from the ICO and from the European Data Protection Board (as published by its predecessor, the Article 29 Working Party).
These Data Protection Impact Assessment Guidance Notes contain the following sections:
Part 1. What is a Data Protection Impact Assessment?
Part 2. When is a DPIA Required?
Part 3. Carrying Out a DPIA
Part 4. What’s Next?