A Data Privacy Impact Assessment (DPIA) is a process which helps assess privacy risks to individuals during the collection, use and disclosure of personal information. A DPIA is a legal requirement for certain types of processing.
Under the General Data Protection Regulation (GDPR), the Privacy by Design principle has been strengthened, and DPIAs should be used to evaluate risks to the rights and freedoms of data subjects resulting from data processing. Click here to view the QUB Student Privacy Notice.
Whilst a DPIA does not eradicate all risk, it should help determine an acceptable level of risk depending on the benefit of the outcomes of the data processing. The conclusions of the DPIA should be integrated back into the plan, and maintained under review for the duration of the processing.
Please be aware, failure to carry out a DPIA when legally required may leave the University open to enforcement action, including large monetary penalties.