Data Protection Impact Assessment
A Data Protection Impact Assessment (DPIA), also known as a Privacy Impact Assessment (PIA), is an important part of UK GDPR compliance for higher-risk processing involving personal data.
This template helps you identify privacy risks in a new project, assess possible solutions, and build agreed measures into the project plan. It has been updated for compatibility with the UK GDPR.
Note: A Data Protection Impact Assessment is not something to be taken lightly, particularly if it is required under the UK GDPR or by the ICO according to the screening criteria outlined below.
If a high risk is identified and you cannot mitigate it satisfactorily with a solution, you must consult the ICO before starting to process personal data for the relevant purposes.
When a DPIA is required
You must carry out a DPIA if you plan to:
- carry out systematic and extensive profiling that will have significant effects;
- process sensitive personal data, or data about criminal offences, on a large scale; or
- systematically monitor public spaces on a large scale.
The ICO also identifies other situations that may call for a DPIA, including:
- using new technologies;
- profiling or using sensitive personal data to decide access to services;
- large-scale profiling;
- processing biometric or genetic data;
- matching or combining data from multiple sources;
- invisible processing;
- tracking individuals’ location or behaviour;
- profiling children or targeting services to them; and
- processing data where a breach could endanger physical health or safety.
Even where a DPIA is not strictly required, it may still be good practice where a project involves personal data and presents material privacy risks.
What this template covers
The template starts with a summary of the proposed project and screening questions, then moves on to consultation, the personal data involved, how it will be processed, stored, retained, and shared, and the lawful basis or bases for processing.
It then covers risk identification, proposed and approved solutions, implementation within the wider project plan, and final approval and sign-off.
Important legal point
The potential risks and possible solutions included in the template are starting points only. They are not exhaustive, and care must be taken to identify all relevant risks and establish suitable solutions for the project in question.
