skip to primary navigationskip to content

Data Protection Impact Assessments

A data protection impact assessment (DPIA) is a process to help you identify and minimise the data protection risks of a specific type of data processing.


In the main, it is unlikely that Colleges will need to conduct many DPIAs, but you should consider undertaking one if you believe there might be a high risk or impact to the privacy of individuals.  It is also good practice to do a DPIA for any other major project which requires the processing of personal data. Please see the further *guidance* below for more information.


The Office of Intercollegiate Services can give advice on when it is appropriate to undertake a DPIA, and should normally be consulted on the final completed form.  The following guidance is provided for Colleges:



We also provide here a number of examples of a completed forms:


  • Example 01 - Using public information in researching donor prospects
  • Example 02 - Sharing student information with the City Council for Council Tax exemption purposes
  • Example 03 - Having a local "birthday list" in a College office
  • Example 04 - Project to review the risk of safeguarding allegations of misconduct of applicant interviewers