The UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

DPIA content

DPIAs always include the appropriate information and are comprehensively documented.

Ways to meet our expectations:

  • Your organisation has a standard, well-structured DPIA template which is written in plain English.
  • DPIAs:
    • include the nature, scope, context and purposes of the processing;
    • assess necessity, proportionality and compliance measures;
    • identify and assess risks to individuals; and
    • identify any additional measures to mitigate those risks.
  • DPIAs clearly set out the relationships and data flows between controllers, processors, data subjects and systems.
  • DPIAs identify measures that eliminate, mitigate or reduce high risks.
  • You have a documented process, with appropriate document controls, that you review periodically to ensure it remains up to date.
  • You record your DPO’s advice and recommendations and the details of any other consultations.
  • Appropriate people sign off DPIAs, such as a project lead or senior manager.

Can you answer yes to the following questions?

  • Do staff use the DPIA template and find it easy to understand?
  • Is the process effective?
  • Is the DPO satisfied that their advice is taken into account?
  • Are they satisfied with any consultation that has taken place and with how you reflect any feedback in the outcome?