What is a Data Protection Impact Assessment?
A Data Protection Impact Assessment (DPIA) is a process that assists an organisation to identify and minimise data protection risks of projects or plans.
It is a key obligation under UK GDPR and helps to assess compliance with all data protection obligations especially for processing that is likely to result in a high risk to individuals. When assessing the level of risk, both the likelihood and severity of any impact to an individual must be considered. It is good practice to carry out a DPIA for any project that requires processing of personal data.
The DPIA must:
- Describe the nature, scope, context and purposes of the processing;
- Assess necessity, proportionality and compliance measures;
- Identify and assess risks to individuals ; and
- Identify and additional measures to mitigate those risks.
Current DPIAs held by CDDFT
Here at County Durham and Darlington NHS Foundation Trust (CDDFT) we work closely with colleagues across the Trust and suppliers to ensure that we are compliant with UK GDPR obligation.
Below you will find a summary of all current DPIA’s held by CDDFT. This list is periodically updated with new completed DPIAs, if you would like more information about our process, or those listed below please email: Cddft.