Data Protection Impact Assessments (DPIA)

A DPIA is a mechanism for identifying, quantifying and mitigating data privacy risks – a privacy risk assessment.

It is undertaken to ensure appropriate controls are put in place when any new process, system or ways of working involving the use of high risk processing, such as “health data”,  is introduced.

The completion of a DPIA is a legal requirement under the General Data Protection Regulation, in addition organisations are required to publish their DPIA’s to support transparency.

Link to Patient Privacy Notice

Link to DPIA List