Privacy Impact Assessment

Data Protection Impact Assessment

The GDPR introduces a new obligation on organisations to do a Data Protection Impact Assessment (DPIA) before carrying out types of processing likely to result in high risk to individuals’ rights and freedoms.

A DPIA is a way for organisations to systematically and comprehensively analyse their processing and help identify and minimise data protection risks.

An effective DPIA can also bring broader compliance, financial and reputational benefits, helping you demonstrate accountability and building trust and engagement with individuals.

The DPIA should be completed once the business case for the project has been drafted.

The DPIA will help assess and identify any privacy concerns and security risks, foresee problems and enable the project sponsor and the project manager to put measures and solutions in place at the early stage of the project rather than later on, which could be costly.

This guidance is produced for project sponsors and project managers to help complete the DPIA.

The council will not be publishing the completed Data Protection Impact Assessment forms as this would contain sensitive information. However please see attached document for the template.

The council does not make completed Data Protection Impact Assessments public as the documents contain sensitive information such as locations of  data, security controls implemented including specific technologies , risks assessments including residual risks. Publishing this information would breach GDRP and Data Protection Act 2018 principles.

Please download a copy of the Data Protection Impact Assessment form for the template.