Data protection impact assessment (DPIA) is a process to help organisations identify and minimise risks resulting from data processing. They were Introduced in May 2018 due to a change in legislation relating to the implementation of GDPR, and replaced the previously used assessments Privacy Impact Assessments (PIA)

DPIAs are usually undertaken when introducing new data processing processes, systems or technologies and are required whenever processing is likely to result in a high risk to the rights and freedoms of individuals.

Data protection impact assessments and previously Privacy Impact Assessments are undertaken by the NHSCFA when a new technology is scheduled for implementation, when changes to an existing system or process is proposed or when new uses are planned for the personal data held for existing DPIA's.

NHSCFA Data Privacy Impact Assessments

NHSCFA have undertaken both Privacy Impact Assessments (PIA's) and Data Protection Impact Assessments (DPIA's) since the launch of NHSCFA in November 2017 and Data Protection Impact Assessments (DPIA's) since the introduction of GDPR in May 2018

  • HSCA (PIA) created Nov 2017
  • Pharmacy Reward Scheme (PIA) created Nov 2017
  • AD LAB & Summation (DPIA) created October 2018
  • New Staff Intranet (DPIA) created March 2019
  • Email Security Gateway (DPIA) created July 2018
  • LogRhythm Security Incident Event Management (DPIA) created October 2018
  • Proxy Gateway (DPIA) created October 2018
  • Public Website (DPIA) created November 2019

NHS Protect Data Privacy Impact Assessments

The following Privacy Impact Assessments (PIA's) created by NHS Protect, the predecessor organisation of NHSCFA prior to the introduction of DPIA's and GDPR, are published as NHSCFA documents as the use of the systems and the data within them have not changed.

  • First (PIA) created Jan 2017
  • iBase(PIA) created March 2017
  • CPOD(PIA) created May 2017
  • Complaints (PIA) created Sept 2017
  • Information Source Register (PIA) created Sept 2017
  • LIMA (PIA) created Oct 2017
  • Press Office Database(PIA) created Sept 2017