skip to primary navigationskip to content

Data Protection Impact Assessments (DPIAs)

The ICO updates its guidance on General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) regularly. It also offers a range of resources and support that can be accessed here.

A data protection impact assessment (DPIA) is a process to help you identify and minimise the data protection risks of a specific type of data processing. For more information, see the ICO’s guidance on DPIAs.

In the main, it is unlikely that Colleges will need to conduct many DPIAs, but you should consider undertaking one if you believe there might be a high risk or impact to the privacy of individuals.  It is also good practice to do a DPIA for any other major project which requires the processing of personal data.

The Office of Intercollegiate Services can give advice on when it is appropriate to undertake a DPIA, and should normally be consulted on the final completed form.  The following guidance is provided for Colleges: 



We also provide here a number of examples of a completed forms:


  • Example 01 - Using public information in researching donor prospects
  • Example 02 - Sharing student information with the City Council for Council Tax exemption purposes
  • Example 03 - Having a local "birthday list" in a College office
  • Example 04 - Project to review the risk of safeguarding allegations of misconduct of applicant interviewers