Data protection impact assessment

Copyright © 2025 LexisNexis

A data protection impact assessment (DPIA) does what the name suggests—it’s a way of assessing the data protection impact of a particular project or process on any affected individuals.

For tools and guidelines on conducting a DPIA, see Precedents:

  1. Data protection impact assessment—DPIA and Data protection impact assessment—DPIA—short form

  2. Data protection impact assessment—DPIA—report

  3. Data protection impact assessment—consultation form

  4. Data protection impact assessment—consultation feedback form

The ICO guidance on DPIAs can be found in two locations: UK GDPR guidance and resources, Accountability and governance, Guide to accountability and governance, Data protection impact assessments and UK GDPR guidance and resources, Accountability and governance, Data Protection Impact Assessments (DPIAs).

What is a data protection impact assessment?

A DPIA is a tool that can help you:

  1. identify and minimise the data protection risks of new projects, and

  2. meet individuals’ expectations of privacy

Generally, a DPIA is conducted at the start of a project that could have data protection or privacy implications, eg rolling out a new document management or HR system. The DPIA will enable you to:

  1. systematically and thoroughly analyse

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

FCDO announces sanctions against Russian GRU units and officers for cyber attacks

The Foreign, Commonwealth and Development Office (FCDO) has imposed sanctions on three units of Russia's Main Intelligence Directorate (GRU) and 18 military intelligence officers. The measures target units responsible for cyber operations against UK infrastructure and the 2022 Mariupol Theatre bombing. The sanctions package includes restrictions on GRU Unit 26165, which conducted reconnaissance for missile strikes, and officers linked to the 2018 Salisbury poisonings. Additional sanctions target three leaders of 'African Initiative' for conducting Russian-backed disinformation campaigns in West Africa.

OFSI publishes updated guidance and reporting forms

OFSI has updated its Reporting information to OFSI- what to do guidance with new reporting forms and updated links which are set out in the guidance.

HM Treasury publishes 2025 NRA of Money Laundering and Terrorist Financing

HM Treasury has published its 2025 National Risk Assessment (NRA) of Money Laundering and Terrorist Financing. The report highlights that the UK’s open, globally connected economy—while a strength—also makes it vulnerable to abuse by criminals and terrorists. Key threats include fraud, cybercrime, drug trafficking, tax evasion and the misuse of cryptoassets, property and corporate structures. The report emphasizes the growing complexity of money laundering typologies, including trade-based laundering, informal value transfer systems and the use of professional enablers. Terrorist financing threats are also evolving, with funds often raised through legitimate means and transferred via digital platforms or informal networks.

Government responds to 2024 MLR consultation

HM Treasury (HMT) has published the government’s response to the 2024 consultation on the Money Laundering Regulations (MLRs), detailing changes that will be made to the MLRs to close loopholes, clarify requirements and ensure customer due diligence is targeted at high-risk activity. A draft Statutory Instrument will be published for technical feedback in due course, and laid before Parliament later in 2025 if parliamentary time allows. The government says other issues will be addressed through guidance, in collaboration with supervisors, to ensure a consistent, risk-based approach.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an
Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an