We have a new website go to gov.scot

Data Protection Impact Assessment

As part of the process, applicants are also asked to submit a draft Data Protection Impact Assessment (DPIA). Completing an assessment early in a project can identify and mitigate risks to privacy, and identify the ways an organisation or project can effectively comply with data protection regulations. It should be updated throughout the project as and when issues are raised.

The Information Commissoner's Office have published guidance on privacy by design. Additionally, you can sight the DPIA template that has been produced for internal use by the SG analysts.

Under the General Data Protection Regulation (GDPR) a data protection impact assessment (DPIA) is required for all projects involving personal data and privacy. This form was formerly known as a 'privacy impact assessment' under the Data Protection Act 1998.