Annex C: Data Protection Impact Assessment (DPIA)


Procurement of Reablement Service / ASC Community Contracts

DPIAs are an essential part of our accountability obligations. Conducting a DPIA is a legal requirement for any type of processing, including certain specified types of processing that are likely to result in a high risk to the rights and freedoms of individuals. Under UK GDPR, failure to conduct a DPIA when required may leave the council open to enforcement action, including monetary penalties or fines. A DPIA is a ‘living’ process to help manage and review the risks of the processing and the measures we will have in place on an ongoing basis. It will need to be kept under review and reassess if anything changes.

The DPIA “screening questions” and initial “data mapping” identified there will be processing of personal data, special categories of personal data and / or criminal offence data in the procurement of the Reablement Service/ ASC Community Contracts and the ongoing provision of this service.   This means we will continue with the DPIA as part of the ongoing project/ plan/ procurement.

The DPIA will help us to:

·        systematically analyse, identify, and minimise the data protection risks of this project/ plan/ procurement.

·        assess and demonstrate how we comply with all our data protection obligations.

·        minimise and determine whether the level of risk is acceptable in the circumstances, considering the benefits of what we want to achieve.