Data Protection Impact Assessment (DPIA)

Under GDPR, it is the responsibility of our Trust, not just to be compliant with the law, but to be able to actively demonstrate this compliance. One of the key ways of demonstrating compliance with Data Protection by Design is through the use of DPIAs.

What is a DPIA?

A DPIA is a screening tool which is designed to help organisations systematically analyse, identify and minimise the data protection risks of a project or plan. It allows issues to be recognised as early as possible and addressed appropriately, which in turn shows that data protection has been considered throughout the development of any new or changes to existing activities.

The list below shows DPIA’s which have been undertaken and approved by the Trust:

Proposal Number    Proposal Name          Summary of Proposal                                                                                                            Using Person Identifiable DataUsing Special Category DataPIA CompletedIs the Supplier Trust or External?Supplier Checks CompletedOutside EUPurposeDate Proposal Agreed
P101064Data Load SoftwareHealth Education England (HEE) provided tool to facilitate and support the transfer of information into the Trust Electronic Staff Record (ESR) system.YesNoYesExternalYesNoContract/Obligation27/06/2018
P101071My Kit CheckElectronic system to replace paper checklists used to log resuscitation trolley checks, order stock and monitor expiry dates.NoNoYesExternalYesNoDirect Care26/06/2018