Data protection impact assessments (DPIAs) are an essential part of our accountability obligations and is a legal requirement for any type of processing under UK data protection and privacy legislation. Failure to carry out a DPIA when required may leave the council open to enforcement action, including monetary penalties or fines.
DPIAs helps us to assess and demonstrate how we comply with all of our data protection obligations. It does not have to eradicate all risks but should help to minimise and determine whether the level of risk is acceptable in the circumstances, considering the benefits of what the council wants to achieve.
The DPIA screening questions and DPIA identified that whilst there is processing of personal and special categories of personal data, it is not likely to result in a high risk to the rights and freedoms of individuals. We will continue to work on the DPIA as it is an ongoing risk assessment that will help us to analyse, identify and minimise the data protection risks for the duration of the consultation.