Template: Doing a Data Protection Impact Assessment
Data protection Impact Assessments are a requirements under the General Data Protection Regulation. Here we explain how an when you should carry one out and provide you with a template.
Last updated: 15 June 2022
About
A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project.
It's essential to carry out a DPIA in the planning stages of any projects where:
- You’re collecting any new personal or special category data from people.
- You’re introducing a new database, survey tool or online feedback centre.
- You’re introducing a new data analysis tool.
- You’re working with a new partner to collect data for the first time, for example, with another local Healthwatch.
- You’re engaging a new data processor.
- You’re planning a different approach to collecting or storing feedback from the public, for example, holding data online rather than physically.
- A personal data breach would jeopardise the physical health or safety of individuals.
Download a template
We have created this template for you to document that you have considered the data protection issues for relevant projects. It consists of:
- An example Data Processing Impact Assessment (DPIA) for a new survey tool, and
- A blank DPIA template for you to use.
Data Impact Assessment Template