Data Protection Impact Assessments (DPIAs) 

Data Protection Impact Assessments (DPIAs)  are required under the General Data Protection Regulation (EU) 2016/679.  DPIAs are an integral part of taking a privacy by design approach.  

DPIAs  are required under the General Data Protection Regulation (EU) 2016/679, where data is being used in a manner that it either is identifiable or there is a risk of an individuals’ identity being revealed.

A DPIA can reduce the risks of harm to individuals through the misuse of their personal information.  It can also help us to design more efficient and effective processes for handling personal data. 

DPIAs aid us in determining how a particular project, process or system may affect the privacy of the individual, which are designed to enable an assessment prior to new services or new data processing/sharing systems being introduced.

Please see below examples of where the CCGs have undertaken Data Privacy Impact Assessments:-

Shred It - Confidential Data Collection - DPIA

Apex Insight - DPIA

HR Provision - DPIA

SMI health checks in primary care - DPIA 

Aptan RESPOND database - DPIA 

Familial hypercholesterolemia (FH) Service (Primary Care)

Community MSK Physiotherapy Service 

Humber Coast & Vale GP Connect 

Administration of GnRH analogues

Familial-hypercholesterolemia (FH) Open Door & Quayside


Electronic Palliative Care Co-ordination System (ePaCCS) in Humber, Coast and Vale

Vasectomy (local scheme)

Skin Cancer (local scheme)

Minor Surgery (local scheme)

Special Allocation Scheme


Familial hypercholesterolemia (FH) patient identification -Beacon Medical

Humber Coast & Vale Diabetes Support