Data Planning Impact Assessments

Data planning for Personal Data in XRUK

What is this document for?
Why do this?

A good Data Plan will be clear about why, and how, we process individual’s data within our principles and values, and meet our legal, practical and financial constraints.

We check if we need a formal “Data Protection Impact Assessment” (DPIA)

And we would do this even without the legal obligations - if we are trusted with Personal Data, we need to respect the people who have trusted us with that.

Use this document if you

  1. plan to get Data about individuals
  2. maintain processes which use Data about individuals
  3. want to collect Data about individuals in a different way
  4. want to change how some Data is used,
  5. are the GDPR champion in a circle, or group which has Data about individuals, so you know when a Data Plan is needed

Who can see Data Plan?

A “data subject” can request to see the Data Protection Impact Assessment (DPIA) if one is created. So when you are writing a Data Plan or DPIA – keep the language simple and clear.

Background

Training and walk-through

If this is all new to you, and you think you need to use this information, please ask the GDPR & Security Circle for a walk-through. On Mattermost you can ask any questions on the “GDPR & Security Reception Channel”


Revision #9
Created 14 July 2021 13:24:47 by Ned Evans
Updated 28 June 2023 18:11:13 by Mariah