Data Protection Impact Assessments (DPIAs) 

Data Protection Impact Assessments (DPIAs)  are required under the General Data Protection Regulation (EU) 2016/679.  DPIAs are an integral part of taking a privacy by design approach.  

DPIAs  are required under the General Data Protection Regulation (EU) 2016/679, where data is being used in a manner that it either is identifiable or there is a risk of an individuals’ identity being revealed.

A DPIA can reduce the risks of harm to individuals through the misuse of their personal information.  It can also help us to design more efficient and effective processes for handling personal data. 

DPIAs aid us in determining how a particular project, process or system may affect the privacy of the individual, which are designed to enable an assessment prior to new services or new data processing/sharing systems being introduced.

Please see below examples of where the CCGs have undertaken Data Privacy Impact Assessments:-

Shred It - Confidential Data Collection - DPIA

Apex Insight - DPIA

HR Provision - DPIA

SMI health checks in primary care - DPIA 

Aptan RESPOND database - DPIA