Skip to content

Improvements to our data protection impact assessment process

30 November 2022

We've made some changes to our data protection impact assessment process (DPIA) process to make it simpler and ensure that you have access to the right support at all stages.


DPIAs are a process to help identify and minimise the data protection risks of a project, process or procurement. In some cases it is a legal requirement to complete one.

To ensure that any risks are identified and managed before you begin processing any data, you must complete the registration and screening process which will determine the need for a DPIA.

Find out more about these steps.

It is important that our data protection liaison officers (DPLOs) help you as early as possible in your planning and concept phase. Please register early and use only up to date templates given to you by your DPLO. If DPLOs hear about your plans too late, then it may not be possible to achieve all of the DPIA process steps in the desired timescales, causing delay and risks that could have been avoided.

If you do not have anything to register at the moment but you'd like to learn more about the process, please contact your DPLO.

Our user friendly improvements are ongoing as the DPLOs, working closely with legal services colleagues, consider the best way to support you to achieve compliance with data protection legislation and ensure that data protection considerations are integrated into processing activities from the start.