Data Protection Privacy Impact Assessment Project Management Process V0.4 Last updated – 29/01/2019
At Stage 2: Definition At Stage 2: Definition At Stage 2: Definition START DPIA screening doc completed At Stage 2: Definition Any “Yes” answers Full PIA prepared At Stage 2: Definition Yes No Risk Assessment Report produced by IG Specialist At Stage 2: Definition Risk assessment with recommendations sent to project lead Yes Project Lead reviews recommendations and documents agreed actions No If the SIRO and DPO cannot agree the actions, the Accountable Officer should be consulted. Actions accepted Actions completed (2 weeks?) Yes Report with agreed actions sent to the DPO for review and agreement of actions agreed Assessment put to SIRO to assess recommended actions to mitigate risks No Actions completed Yes Risk Assessment put to IG Group for final sign off by SIRO To next page
From previous page page IG Group sign-off Yes DPIA to have personal, commercial and details of technical controls redacted ready for posting on the FOI publications scheme END