- Back to Data Protection
- GDPR Overview
- Key GDPR Changes
- Data Protection Notices
- UCC's GDPR Project
- Individual Rights
- Data Security Breaches
- Privacy by Design & Default
- Policy and Procedures
- Data Protection Impact Assessments (DPIA's)
- Frequently Asked Questions
- Training and Resources
- Data Protection Policy
- Contact Information
Data Protection Impact Assessments (DPIA's)
A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. You must do a DPIA for processing that is likely to result in a high risk to individuals. This includes some specified types of processing. You can use our screening checklists to help you decide when to do a DPIA. It is also good practice to do a DPIA for any other major project which requires the processing of personal data.
A DPIA is the process of systematically considering the potential impact that a project or initiative might have on the privacy of individuals. It allows the University to identify potential privacy issues before they arise, and come up with a way to mitigate them. A DPIA can involve discussions with relevant parties/stakeholders. Ultimately such an assessment may prove invaluable in determining the viability of future projects and initiatives.
Where the DPIA indicates that the risks identified in relation to the processing of personal data cannot be fully mitigated, the data controllers (UCC) is required to consult the DPC before engaging in the process.
See the Data Protection Impact Assessment Procedure and Template for further information.
The Data Protection Commissioner has issued detailed guidance on DPIAs: http://gdprandyou.ie/data-protection-impact-assessments-dpia/