Data Protection Impact Assessment Screening Checklist
To confirm whether a full DPIA is required please go through the below and tick any boxes that are relevant.
|
Ref number: |
|
|
Name and Job title: |
Jonathan Byrne (Lorraine Lunt) |
|
Date: |
10 April 2024 |
|
Description - Explain broadly what you aim to achieve and what type of processing it involves. You may find it helpful to refer or link to other documents, such as a project proposal, business case etc. |
|
|
EDMS report - the benefits and challenges of the council continuing to use X, formerly known as Twitter. It includes a plan to encourage residents to seek information from the remaining council channels and explains what will happen in the event of an incident, when the council has a duty to “warn and inform”.
|
|
Are you:
☐ starting a new (or reviewing an existing) project involving the use of personal data.
Are you planning to carry out any
☐ evaluation or scoring
☐ automated decision-making with significant effects.
☐ systematic monitoring.
☐ processing of sensitive data or data of a highly personal nature
☐ processing on a large scale
☐ processing of data concerning vulnerable data subjects
☐ innovative technological or organisational solutions
☐ processing that involves preventing data subjects from exercising a right or using a service or contract.
☐ profiling to make decisions about people
☐ automated decision-making to make decisions about people
☐ process special-category data or criminal-offence data
☐ systematically monitor a publicly accessible place e.g. CCTV
☐ use innovative technology *
☐ use profiling to help make decisions on someone’s access to a service, opportunity, or benefit
☐ use automated decision-making to help make decisions on someone’s access to a service, opportunity, or benefit
☐ use special category data to help make decisions on someone’s access to a service, opportunity, or benefit
☐ carry out profiling on a large scale
☐ process biometric or genetic data *
☐ combine, compare, or match data from multiple sources
☐ process personal data without providing a privacy notice directly to the individual*
☐ process personal data in a way that involves tracking individuals’ online or offline location or behaviour *
☐ process children’s personal data for profiling or automated decision-making or for marketing purposes, or offer online services directly to them
☐ process personal data that could result in a risk of harm in the event of a breach
☐ a change to the nature, scope, context, or purposes of existing processing
If you have ticked any of the boxes above, you must complete a full DPIA. Please contact information.governance@york.gov.uk who will be able to advise and support you to do this
*for information governance only – when advising or going through these points as part of the screening or full DPIA, note that these are “in combination with any of the criteria in the European guidelines” http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236