A Data Protection Impact Assessment (DPIA) is a process to help an organisation identify and minimise the data protection risks of a project, especially for processing that is likely to result in a high risk to individuals. To assess the level of risk, both the likelihood and the severity of any impact on individuals must be considered. High risk could result from either a high probability of some harm, or a lower possibility of serious harm. It is also good practice to do a DPIA for any other major project which requires the processing of personal data; sometimes it is a mandatory data protection requirement.
The DPIA must:
- describe the nature, scope, context and purposes of the processing;
- assess necessity, proportionality and compliance measures;
- identify and assess risks to individuals; and
- identify any additional measures to mitigate those risks.
Here at Salisbury NHS Foundation Trust we work closely with suppliers and colleagues across the Trust to ensure that this GDPR obligation is carried out, recorded and regularly reviewed.
Below you will find a summary of all DPIAs carried out since 25th May 2018, when this became a data protection requirement. The lists will be periodically updated with newly completed DPIAs, but if you would like more information about our process, or those listed below, please contact firstname.lastname@example.org