A Data Protection Impact Assessment (DPIA) is a useful tool to help NHS Digital demonstrate how we comply with data protection law.
DPIAs are also a legal requirement where the processing of personal data is “likely to result in a high risk to the rights and freedoms of individuals”. If you are unsure whether a DPIA is necessary, you should complete a DPIA screening questionnaire to assess whether the processing you are carrying out is regarded as high risk.
By completing a DPIA you can systematically analyse your processing to demonstrate how you will comply with data protection law and in doing so identify and minimise data protection risks.
This document should be read in conjunction with the DPIA Guidance and DPIA Screening Questionnaire.
Last edited: 8 October 2021 8:53 am