Data Protection Impact Assessment

It is a requirement of the General Data Protection Regulations that all new systems, processes or services have a DPIA conducted prior to go-live to ensure due consideration of data protection by design and default.

During the period under which organisations are responding to the COVID-19 pandemic, this short form can be used to capture key elements of the project or system being implemented, after which a retrospective full DPIA must completed. This questionnaire will still be reviewed by the relevant stakeholders and will be signed off by the Information Asset Owner/SIRO and sent to the IG Lead to ensure that the DPIA log is continually updated.

For the full document please download the attached PDF.