We will review a Data Privacy Impact Assessment (DPIA) template and determine the process and methodology to assess privacy risks to the data subject from the collection, use, storage and disclosure of personal information. The correct DPIA implementation is necessary because a failure to properly embed appropriate privacy protection measures may result in a breach, incompatibility with the Human Rights Act, or prohibitive costs in retrofitting a system to document compliance or address community concerns on privacy.
- The template will identify and address the data protection and privacy concerns at the design and development stage of a project.
- The document details the process for conducting a DPIA through a project lifecycle to ensure that, where necessary, personal and sensitive information requirements are complied with and risks are identified and mitigated.
A DPIA is performed when there is a new use or significant change in the way in which personal data is handled, redesigned or a new process or information asset is introduced.