Did you know it’s a legal requirement under GDPR to carry out an assessment of privacy risks on services we commission?

Everything you need to know about Privacy Impact Assessments, the training and support available and related forms…

What is a Privacy Impact Assessment (PIA)?

A PIA, also known as a Data Protection Impact Assessment (DPIA), is a risk assessment used to analyse how a particular project or system will affect the rights and freedoms of the individuals involved (or whose information is being processed).

It’s basically the due diligence on new or changed systems, providers, processes and projects around how they process data.

It’s a legal requirement under GDPR to carry out an assessment of privacy risks. This should happen at the design phase of any project where the processing of personal data will be initiated or amended. Failure to comply with this requirement would leave the CCG at risk of enforcement action and a fine.

When do you need a PIA?

You must consider a PIA for any:

  • project
  • procurement
  • business case
  • use of or transfer of personal data or departmental / team initiative where there’s a potential impact on the privacy of individuals.

This includes:

  • new or changed systems and technologies that process personal data
  • the introduction of new pathways or services, especially if there are new data flows or when a new provider integrates with existing services
  • the introduction or change of provider, if they will be processing personal information.

Complete a PIA form

Find the Privacy Impact Assessment Form on AskHUE. Go to the Policies and resources > Resources and forms > Forms and templates A-Z section.

Access other impact assessments (Equality Impact Assessment Form and Quality Impact Assessment Form) here too. You can also find the following related forms and project management templates:

  • Business case template
  • Idea template
  • Project change request
  • Project plan (stand-alone)
  • Risk register template example
  • PID template (detailed)
  • Plan on a page template
  • Service evaluation template example
  • Evaluation framework logic model
  • Single page terms of reference template
  • Stakeholder map and plan template

What’s the process?

PIAs should begin early in the life of a project, before you start processing information, and run alongside the planning and development process.

Once drafted, come to the PMO office in Building 1 for discussion and support.

View the PIA process diagram.

For technical support on completing PIAs or advice, please contact Gemma Kerr in the Information Governance team.

Training and support

The Information Governance (IG) team run a PIA workshop in each Essex CCG every quarter. Workshops are an hour long and you can book onto a session by emailing ig.training@nhs.net.

Dates and times are as follows:

  • Tuesday 10 March 2020, 10:30am to 11:30am
  • Monday 8 June 2020, 9am to 10am
  • Tuesday 15 September 2020, 10:30am to 11:30am
  • Wednesday 2 December 2020, 11:45am to 12:45pm
  • Wednesday 10 March 2021, 9am to 10am

All sessions will be held in the Board Room in Building 4.
