You are here:

Last reviewed on 6 April 2021
Ref: 34261
School types: All · School phases: All

Find out what data protection impact assessments (DPIAs) are, when they must be done, and who should be involved. Download and adapt our DPIA template to save you time.

What is a data protection impact assessment?

A data protection impact assessment (DPIA) is a process that helps you:

  • Thoroughly analyse your data processing
  • Identify and minimise data protection risks
  • Comply with accountability obligations under the UK GDPR 
  • Assess and demonstrate how you comply with all of your data protection obligations

Read more in the guidance from the Information Commissioner’s Office (ICO):

When to conduct one

You must carry out a DPIA before you begin any type of processing that's likely to result in a high risk to the rights and freedoms of individuals.

To assess whether something is likely to result in a high risk, look out for any features or red flags of a 'high risk'. 

Remember that it's the job of the DPIA to assess in detail whether something is high risk or likely to result

More from The Key


Bitesize training with a big impact

Our on-demand training has your whole board covered and lets them learn at a time and pace that suits them.

Help your new governors hit the ground running with our expertly-designed induction training, and our role-specific courses support your link governors develop key skills and confidence in their role.


New eLearning: DSL refresher training

Your DSL’s training should be refreshed at least once every 2 years. 

Designed in collaboration with safeguarding experts, our 2.5 hour online refresher training course reminds DSLs how to put their knowledge into practice, with in-depth, real-world scenarios.


The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.