A data protection impact assessment (DPIA) does what the name suggests—it’s a way of assessing the data protection impact of a particular project or process on any affected individuals.
For tools and guidelines on conducting a DPIA, see Precedents:
Data protection impact assessment—DPIA and Data protection impact assessment—DPIA—short form
Data protection impact assessment—DPIA—report
Data protection impact assessment—consultation form
Data protection impact assessment—consultation feedback form
The ICO guidance on DPIAs can be found in two locations: UK GDPR guidance and resources, Accountability and governance, Guide to accountability and governance, Data protection impact assessments and UK GDPR guidance and resources, Accountability and governance, Data Protection Impact Assessments (DPIAs).
A DPIA is a tool that can help you:
identify and minimise the data protection risks of new projects, and
meet individuals’ expectations of privacy
Generally, a DPIA is conducted at the start of a project that could have data protection or privacy implications, eg rolling out a new document management or HR system. The DPIA will enable you to:
systematically and thoroughly analyse
To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.
**Trials are provided to all LexisNexis content, excluding Practice Compliance, Practice Management and Risk and Compliance, subscription packages are tailored to your specific needs. To discuss trialling these LexisNexis services please email customer service via our online form. Free trials are only available to individuals based in the UK, Ireland and selected UK overseas territories and Caribbean countries. We may terminate this trial at any time or decide not to give a trial, for any reason. Trial includes one question to LexisAsk during the length of the trial.
The Solicitors Regulation Authority (SRA) has published guidance on terminating client retainers, clarifying the circumstances in which solicitors and...
This week's edition of Practice Compliance weekly highlights includes changes to the UK financial sanctions framework, the SRA’s upcoming July 2026...
The Solicitors Regulation Authority (SRA) has announced that its annual anti-money laundering (AML) and sanctions data collection exercise is...
Corporate Crime analysis: In this update, corporate crime experts Elliott Kenton, partner, and James Camidge, solicitor, at Weightmans, distil the...
If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some
If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit
Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an
Template for regulatory references given by SMCR firms and disclosure requirements[Insert addressee details]Dear [insert name][It is our understanding that [insert name of prospective employee] [was an employee of yours between the dates of [insert dates as appropriate] OR is a current employee of
0330 161 1234