
Data Protection Impact Assessment (Short Form)

BS.DAT.DPIA.02

This Data Protection Impact Assessment (Short Form) is a shorter, more flexible version of our Data Protection Impact Assessment template. It is designed for projects involving personal data where you want a less prescriptive format while still following the criteria set out in the UK GDPR.

A DPIA is an important part of the data protection by design and default approach under the UK GDPR and the Data Protection Act 2018. Where a project is likely to result in a high risk to individuals, a DPIA is required by law, but it can also be a useful exercise even where not strictly mandatory.

In simple terms, a DPIA helps you identify and minimise the risks associated with personal data in a project, including the likelihood and severity of those risks.

If a high risk is identified that cannot be mitigated satisfactorily, you must consult with the Information Commissioner’s Office before starting to process personal data for the relevant purpose or purposes.

A more open and adaptable DPIA format

Unlike the fuller template, this short form does not use a granular set of questions under every heading. Instead, it focuses on the key issues to be considered, making it easier to tailor the assessment to the project in question.

When a DPIA is required

You must carry out a DPIA if you plan to:

  • carry out systematic and extensive profiling that will have significant effects;
  • process sensitive personal data, or data about criminal offences, on a large scale; or
  • systematically monitor public spaces on a large scale.

The ICO also identifies other situations that may call for a DPIA, including:

  • using new technologies;
  • using profiling or sensitive personal data to determine individuals’ access to services;
  • profiling individuals on a large scale;
  • processing biometric or genetic data;
  • matching or combining data from multiple sources;
  • collecting personal data from a source other than an individual without providing a privacy notice;
  • tracking individuals’ location or behaviour;
  • profiling children or targeting services to them; and
  • processing data that may endanger individuals’ physical health or safety if a security breach occurs.

What this template covers

The template covers project summary, whether a DPIA is required, consultation, necessity and proportionality, risks, solutions, approved solutions, integration of outcomes into the project plan, and approval and sign-off.

For practical guidance on the DPIA process, see the Data Protection Impact Assessment Guidance Notes.

Data Protection Impact Assessment (Short Form) is part of Business. Just £38.50 + VAT provides unlimited downloads from Business for 1 year.

Simply-4-Business Ltd Registered in England and Wales No. 4868909, 20 Mortlake High Street, Mortlake, London SW14 8JN
