A Register of Data Protection Impact Assessments (DPIAs) is now available on Interchange
27/09/2023
What is a DPIA?
A Data Protection Impact Assessment (DPIA) is a tool designed to identify the Data Protection risks of a project or process and record how those risks have been addressed and mitigated. A DPIA is required whenever processing is likely to result in a high risk to individuals’ personal data. They are a key part of the Council’s accountability obligations under Data Protection Legislation. Please contact the Information Governance Team at dataprotection@moray.gov.uk before completing a DPIA for advice on whether a DPIA is required, if one has already been submitted for review, and, if there are any other Data Protection considerations.
What is the Register?
The internally published DPIA register contains a list of DPIAs reviewed by the Council’s Data Protection Officer and signed off as approved, or not approved for use. Services should ensure that agreed caveats and mitigations are adhered to, and that DPIAs are kept up to date. Personal data should not be inputted into any resources/websites etc. not approved for use.
Please note that DPIAs are focused on personal data, as such some resources can still be used on the condition that no personal data in involved, for example SurveyMonkey.
When is it updated?
The register is updated monthly.
Where can I find it?
The internally published DPIA register is available on the Data Protection interchange page, under section 2: http://interchange.moray.gov.uk/int_standard/Page_132347.html
Note for Schools
Schools should look at their weekly bulletin for current information on the DPIA RAG list, links to scenario documents, and, other supportive guidance. Also, Schools should contact LearnTech@moray.gov.uk before starting a DPIA as they will support them with this process.