SA¹ú¼Ê´«Ã½

A Data Protection Impact Assessment (DPIA) is a process to help an organisation identify and minimise the data protection risks of a project, especially for processing that is likely to result in a high risk to individuals. To assess the level of risk, both the likelihood and the severity of any impact on individuals must be considered. High risk could result from either a high probability of some harm, or a lower possibility of serious harm. It is also good practice to do a DPIA for any other major project which requires the processing of personal data, sometimes it is a mandatory data protection requirement.

The DPIA must:

• describe the nature, scope, context and purposes of the processing;
• assess necessity, proportionality and compliance measures;
• identify and assess risks to individuals; and
• identify any additional measures to mitigate those risks.

Here at SA¹ú¼Ê´«Ã½ we work closely with suppliers and colleagues across the Trust to ensure that this GDPR obligation is carried out, recorded and regularly reviewed.

Below you will find a summary of all DPIAs carried out since 25th May 2018 when this became a data protection requirement. The lists will be periodically updated with new completed DPIAs but if you would like more information about our process, or those listed below, please contact sft.information.governance@nhs.netÌý

Ìý

DateÌý	DocumentÌý
25 May 2018 - 30 November 2018
25 May 2018 - 31 May 2019
25 May 2018 - 31 July 2019
25 May 2018 - 31 August 2019
25 May 2018 - 31 October 2019
25 May 2018 - 30 November 2019
25 May 2018 - 30 December 2019
01 January 2019 - 31 January 2020
01 January 2019 - 29 February 2020
01 January 2019 - 31 March 2020
01 January 2019 to 30 April 2020
01 January 2020 to 30 September 2020
01 January 2020 to 31 December 2020
01 January 2021 to 31 March 2021
April 2021 to May 2021
June 2021 to September 2021
October 2021 to December 2021
January 2022 to June 2022
July 2022 to January 2023