Data Protection Impact Assessments (DPIA's)

A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. You must do a DPIA for processing that is likely to result in a high risk to individuals. This includes some specified types of processing. You can use our screening checklists to help you decide when to do a DPIA. It is also good practice to do a DPIA for any other major project which requires the processing of personal data.

A DPIA is the process of systematically considering the potential impact that a project or initiative might have on the privacy of individuals. It allows the University to identify potential privacy issues before they arise, and come up with a way to mitigate them. A DPIA can involve discussions with relevant parties/stakeholders. Ultimately such an assessment may prove invaluable in determining the viability of future projects and initiatives. 

Where the DPIA indicates that the risks identified in relation to the processing of personal data cannot be fully mitigated, the data controllers (UCC) is required to consult the DPC before engaging in the process.

See the Data Protection Impact Assessment Procedure and Template for further information.

The Data Protection Commissioner has issued detailed guidance on DPIAs: http://gdprandyou.ie/data-protection-impact-assessments-dpia/

 

 

Office of Corporate and Legal Affairs

Oifig um Ghnóthaí Corparáideacha agus Dlíthiúla

1 st Floor, East Wing, Main Quadrangle,

Top