Data Protection Impact Assessments Procedure
A Data Protection Impact Assessment (DPIA) is a tool that enables organisations that process personal data, including the Police, to identify the most effective way to comply with the requirements of the Data Protection Act and meet individuals’ expectations of privacy. Data Protection Impact Assessments are a mandatory requirement under the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR). A DPIA is required for any initiative where the processing of personal data could result in a high risk to the rights and freedoms of individuals. Initiatives could include the reuse of personal data we already use for other purposes, any new data sharing arrangements, any new system purchase, system replacement or alterations to systems containing personal data that could impact the personal data.
Early consideration of any risks posed to an individual’s personal data supports the concept of Privacy by Design, which ensures that all Data Protection and privacy issues are considered from the earliest opportunity in an initiative’s lifecycle. It is far easier to build privacy into a system at the development stage than to try to make something fit just before go-live, or even after it. If the need for a DPIA has been identified, processing activity should not commence until the DPIA has been signed off. Allowing processing to commence before the DPIA is completed could potentially result in high-risk processing and be in breach of data protection legislation.

Last modified: December 17, 2020