Data protection impact assessment—DPIA

The following Risk & Compliance precedent provides comprehensive and up to date legal information covering:

  • Data protection impact assessment—DPIA

Data protection impact assessment—DPIA

    1. 1

      Project overview

      Project summary[Summarise the project, eg new IT system for storing and accessing personal data, or proposal to identify people in a particular group or demographic to predict their buying needs]
      Processing purposes[Insert the purposes of the processing, eg Improve the quality and accuracy of employee personal data and implement an improved process for deleting data that is no longer required]
      Lawful ground for processing[Insert lawful ground. Where the organisation intends to rely on legitimate interests as the lawful ground for processing, describe those legitimate interests and also confirm that a legitimate interest assessment has been undertaken.]
    1. 2

      Identify the need for a DPIA

      1. 2.1

        Project aims and benefits

        What does the project aim to achieve?[State what the project aims to achieve]
        What are the anticipated benefits to the [company OR firm], individuals and/or other parties?[Describe anticipated benefits]
      1. 2.2

        Preliminary screening

        QuestionAnswer/comment
        Does the project involve one or more of the following:
        —systematic and extensive evaluation of personal aspects relating to natural persons based on automated processing (including profiling) on which decisions are based that produce legal effects for or similarly significantly affect a data subject
        —processing on a large scale of special category personal data or data relating to criminal convictions and offences
        —systematic monitoring of a publicly accessible area

Popular documents