Data Protection Impact Assessments (DPIAs)

Under GDPR (General Data Protection Regulation), DPIAs must be used to evaluate risks to the rights and freedoms of data subjects that result from data processing.

These are particularly relevant when introducing new ways of processing data, new systems or new technologies.

Milton Keynes University NHS Foundation Trust (MKUHFT) take Data Protection very seriously and has already embedded this process into the organisation since 2015.

MKUHFT has done this in order to ensure that any proposed new process or system containing personal information is adequately assessed to ensure that the Trust remains compliant with all legislation and no risk is associated with the use of your personal data.

The Data Protection Impact Assessment (previously known as privacy impact assessment or PIA) is a tool which can help organisations identify the most effective way to comply with their data management obligations and meet individual expectations of privacy.

An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.

DPIAs also support the GDPR’s accountability principle, helping organisations prove that they have taken appropriate technical and organisational measures, as required.

MKUH’s DPIA log