Data Protection Impact Assessment Template

Updated on 25 May 2020

This DPIA template should be used whenever, after completing an Initial Data Risk Assessment (IDRA), and answering 'Yes' to any of the questions in the IDRA, there is a requirement to store, use or transfer personal data and where privacy risks and mitigations are not covered in an Ethics submission and/or a Research Data Management Plan.

On this page

DPIAs should also be completed for all new or modified uses of personal data including the processing of personal data in research projects. DPIAs are mandatory for all high-risk or high-volume processing of personal data, in research and for the introduction of any new systems, software solutions or for monitoring and/or surveillance systems (such as CCTV).

The completion of a DPIA may also be useful when working with other organisations or funders to demonstrate proper consideration of personal data risks and their mitigation.



Data Protection Officer (DPO)

Corporate information category Data protection