Complete a Data Protection Impact Assessment (DPIA)

A DPIA , also known as a Privacy Impact Assessment (or PIA) identifies how data privacy might be affected by projects and services. An effective  DPIA allows us to identify and fix problems related to the processing and security of personal data, reducing associated costs and damage to reputation. 

You should fill out a  DPIA for any project or change of system that involves collection or use of personal information. You should consider and manage the risks of any potential data breach.

When you should complete a DPIA

If you are procuring a new system or service or changing a system that involves processing personal and/or special category data complete the online DPIA form. 

Guidance on completing the online form

The screening questions at the beginning of the form will determine whether the full DPIA is required.

You cannot save a  DPIA in progress. The word template below has been provided for use to prepare in advance.

• DPIA template (MS Word, 89KB) - Use this template ff you are amending an old DPIA, or are submitting a DPIA using a template from before April 2022. 
• DPIA Process (MS Powerpoint, 2.8MB)

If you are following up on a submitted DPIA be aware these will be scheduled for assessment and may take up to a month to be processed depending on the complexity of the project. Appropriate timescales for the completion of a DPIA where required should be factored in at the beginning of all projects. 

The Data Protection Officer (DPO) will review all DPIAs and does so in an advisory capacity. This is done automatically when the web-form is submitted. The Data Protection Officer will advise of any concerns they feel have not been adequately addressed.

To ensure the process is as efficient as possible, you should:

• include all relevant information
• avoid using service-specific acronyms
• cooperate with the Data Protection Officer if advised to address concerns or make amendment.

Once you have completed a DPIA

The DPIA should be approved by:

• project governance where the governance has service representation of the data owner
• or the data owner 
• or if there is no data owner, e.g. corporate responsibility, the DPIA should be approved by the DPO or the Information Governance Group

Ensure you keep the DPIA under review and incorporate actions back into the project

List of DPIAs

• Pre April 2022 list of DPIAs (MS Excel, 35KB)

Submitted DPIAs

• Submitted DPIAs post April 2022 (MS Excel, 38KB)

For more information including the outcome of a DPIA submitted after April 2022, contact the Data Protection Team.

Contact the Data Protection team 

Email: dp@cheshireeast.gov.uk

For further information or guidance.