This website is no longer being updated. Please go to GOV.SCOT


This site is no longer being updated. You can now find the latest statistics on

Data Protection Impact Assessment

As part of the process, applicants are also asked to submit a draft Data Protection Impact Assessment (DPIA). Completing an assessment early in a project can identify and mitigate risks to privacy, and identify the ways an organisation or project can effectively comply with data protection regulations. It should be updated throughout the project as and when issues are raised.

Guidance on DPIAs for Scottish Government internals can be found here:


If you are external to the Scottish Government but would like to receive more information on DPIAs please contact

Under the General Data Protection Regulation (GDPR) a data protection impact assessment (DPIA) is required for all projects involving personal data and privacy. This form was formerly known as a 'privacy impact assessment' under the Data Protection Act 1998.