Data Protection Impact Assessment (DPIA) Questionnaire

Please answer all the questions. Data Protection Impact Assessments (DPIAs) are a tool which can help organisation
the most effective way to comply with their data protection obligations and meet individuals’ expectations of privac
allow the organisation to identify and fix problems at an early stage, reducing the associated costs and damage to r
which might otherwise occur.
Please complete the Project Details in all cases
Please complete the Screening Questions tab.
Document whether a DPIA Questionnaire is required.
Complete the DPIA Questionnaire if required. Send the completed workbook to [ ] so that
and Issues can be assessed.
If not required, retain this workbook within the project documentation in case it is required later in the project lifecy

Project/Workstream Title:

Project/Workstream Lead:

Project Lead Job title/Designation

Telephone

Email

Information Asset Owner

Implementation Date

Project/Workstream Overview:
Premise move - Co-location of two GP Practices to new premises. This will incorporate all new processes to be implem
example, a shared reception and also transferring data from old locations to new premises for example: both paper an
records and documentation
- business contracts,
- paper medical records,
- electronic medical records,
- payroll,
- Pension
- human resources records for staff.
 Data Protection Impact Assessment (DPIA) Questionnaire

ns. Data Protection Impact Assessments (DPIAs) are a tool which can help organisations identify
mply with their data protection obligations and meet individuals’ expectations of privacy. This will
ntify and fix problems at an early stage, reducing the associated costs and damage to reputation
.
Details in all cases
ng Questions tab.
Questionnaire is required.
nnaire if required. Send the completed workbook to [ ] so that the Risks

rkbook within the project documentation in case it is required later in the project lifecycle.

Premises Move

Dr Laurie Slater

Jun-18

Project/Workstream Overview:
of two GP Practices to new premises. This will incorporate all new processes to be implemented, for
and also transferring data from old locations to new premises for example: both paper and electronic

r staff.
 Screening Questions
The purpose of this assessment is to confirm that privacy laws and information governance standards are being com
addressed. It also aims to prevent problems arising at a later stage which might impede the progress or success of th

Answering “Yes” to any of the screening questions above represents a potential IG risk factor please proce
Assessment (DPIA) Questionnaire tab.

S1 Will the project involve the collection of new information about individuals?

S2 Will the project compel individuals to provide information about themselves?

S3 Will information about individuals be disclosed to organisations or people who have not
previously had routine access to the information?

S4 Are you using information about individuals for a purpose it is not currently used for, or
in a way it is not currently used?

S5 Does the project involve you using new technology which might be perceived as being
privacy intrusive?

S6 Does the project involve processing Children's personal data?

S7 Is the information to be used about individuals’ health and/or social wellbeing?

S8 Will the project require you to contact individuals in ways which they may find intrusive?

S9 Does the project involve new process or significantly change the way in which personal
and/or business sensitive data is handled?

S10 Does the project involve new or significantly change handling of personal data about a
large number of individuals?

S11 Does the project introduce new or additional information technologies that can reveal
an individual’s identity and has the potential to affect that person’s privacy?

Does the project involve new or significantly changed consolidation, inter-linking, cross
S12 referencing or matching of personal and/or business sensitive data from multiple
sources?

S13 Does the Project involves primary care and secondary care data linkages?

S14 Will the personal data be processed out of the U.K?

S15 Does the project relate to data processing which is in any way exempt from legislative
privacy protections?
S16 Does the project’s justification include significant contributions to public security and
measures?

S17 Does the project involve systematic disclosure of personal data to, or access by, third
parties that are not subject to comparable privacy regulation?

Does the project involve multiple organisations, whether they are public sector agencies
S18 i.e. joined up government initiatives or private sector organisations e.g. outsourced
service providers or business partners?

Does the project introduce new or additional information technologies that can reveal
S19 business sensitive information, specifically: have a high impact on the business, whether
within a single function or across the whole business?

S20 Does the project involve new or significantly changed handling of a considerable
amount of personal and/or business sensitive data about each individual in a database?
 Questions
rnance standards are being complied with, or highlights problems that need to be
ede the progress or success of the project.

al IG risk factor please proceed and complete the Data Protection Impact

Yes

Yes

Yes

Yes

No

Yes

Yes

No

Yes

No

No

No

This means linking GP Data with Trust Data as a result of

No the project. E.g. if it is to do with a premises move - this
would not be a factor.
No

No
 CCTV
Yes

No

No

Video Consultation Capacity

Yes

No
 Data Protection Impact Assessment (DP
Please answer all the Questions in this section and provide additional infor

D1 Describe the Data or Datasets that will be processed i.e collected, linked, shared, collated etc.

Ref# Question

D2 In what form will the data be processed?

Does the Project involve the use collection or sharing of the following Personal data about individuals?

Name

Surname

NHS Number

NI Number

Date of Birth

D3 Age

Gender

Address or Postcode

Email Addresss

Payroll Number

Driving Licence

Other Identifiers not listed above- Please state the identifier(s)

Does the Project involve the use collection or sharing of the following special categories of data or what

Racial or Ethnic Origin

Political Opinion

Religious Beliefs

Trade Union Membership

Physical or Mental Health condition

Sexual Life

D4
 Commission or alleged commission of an offence

D4 Proceedings for any offence committed or alleged

Biometrics; DNA profile, fingerprints

Bank, financial or credit card details

Tax, benefit or pension Records

Health, adoption, employment, school, Social Services, housing records

Child Protection

Safeguarding Adults

Other Identifiers not listed above- Please state the identifier(s)

D5 Will the dataset include clinical data?

D6 Will the data include financial data?

D7 Will the data include local/private contract conditions?

Will the data sharing involve more than one organisation? Please list all the organisations
D8
and their role in the project.

D9 Will this information be shared outside the organisations listed above?

D10 Does the project involve the use of anonymised or psedonymised data?

Will the organisation hold the pseudonymised key which could enable re-identification?

Has a data flow mapping exercise been undertaken?

D11
If yes, please provide a copy.

D12 Does the project involve employing contractors external to the Organisation?

If yes to D12, is there a signed confidentiality agreement or contract signed with the external
D13
organisation?

Are there any security and audit measures implemented to secure access to and limit use of
D14
personal identifiable and/or business sensitive information?

D15 Is there an ability to audit access to the information?

 If this new/revised function should stop, are there plans in place for how the information will
D16
be retained / archived/ transferred or disposed of?

Are individuals informed about the proposed uses of their personal data? ( if Yes how is this
D17
done?)

Are arrangements in place for recognising and responding individual rights in accordance
D18
with the law?

Will individuals be asked for consent for their information to be processes in this way? If no,
D19
list the reasons for not gaining consent.

Ref# Question
Conditions for processing special categories of data (to be identified if they apply)
Explicit consent

Other legal route

Processing is necessary for performance of a task in the public interest or exercised in offical
authority vested in the Controller.
Processing is required by law
Processing is required to protect the vital interests of the person
D20
Is any processing going to be by a not for profit organisation, e.g. a Charity
Would any processing use data already in the public domain?
Could the data being processed be required for the defence of a legal claim?
Would the data be made available publically, subject to ensuring no-one can be identified
from the data?
Is the processing for a medical purpose?
Would the data be made available publically, for public health reasons?
Will any of the data being processed be made available for research purposes?
ssessment (DPIA) Questions
d provide additional information where necessary.

ared, collated etc.

Select Answer

Electronic/
Paper
l data about individuals?

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes
Passport number, DBS Checks reference/data
Yes

ategories of data or what would be considered sensitive about individuals?

Yes

No

No

Yes

Yes

Yes
Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

Two practices within the premises. Not all will be shared, but some
Yes may be.

Business Sensitive data - shared with the CCG

Yes

NA

NA

Yes

Courier service and building works contractors. ICT Team contract -

Yes network and wiring.

Anticipated/Pending e.g. Courier service.

No

Sharing premises, likely to have card based access to rooms,

No mechanisms for opening and closing building. Allocation of
responsibility has not been made.
A planned process will need to be put in place.
No
 NA

Fair Processing notice, process in place for staff. Need to be

Yes updated. Update Data Controller details.

Yes

NA

Select Answer
ply)
NA
Other laws that allow you to process data/deliver the services e.g.
Yes
NHS Act 2006 and Health and Social Care Act 2012

Yes

NA
NA
NA
Yes Public Engagement event with regard to the move.
NA
Public Engagement event with regard to the move.
Yes

NA
NA
NA
Answer all the questions below for the processing of Personal Confidential Data

What is the justification for the inclusion of identifiable data rather than using de-
identified/anonymised data?

Will the information be new information as opposed to using existing information in different
ways?

What is the legal basis for the processing of identifiable data? E.g. Conditions under the Data
Protection Act 2018 EU General Data Protection Regulations, the Section 251 under the NHS Act
2006 etc.

If consent, how and when the consent would be recorded and retained.

Where and how will this data be stored?

Who will be able to access identifiable data?

Will the data be linked with any other data collections?

How will this linkage be achieved?

How have you ensured that the right to data portability can be respected? i.e. Data relating to
particular people can be extracted for transfer to another Data Controller, at the request of the
person to which it relates, subject to:
·     Receipt of written instructions from the person to which the data relates.
·     Including data used for any automated processing,
- The transfer of the data has been made technically feasible.
What security measures will be used to transfer the data?

What confidentiality and security measures will be used to store the data?

How long will the data be retained in identifiable form? And how will it be de-identified? Or
destroyed?

What governance measures are in place to oversee the confidentiality, security and appropriate
use of the data and manage disclosures of data extracts to third parties to ensure identifiable
data is not disclosed or is only disclosed with consent or another legal basis?

If holding personal i.e. identifiable data, are procedures in place to provide access to records
under the subject access provisions of the DPA?

Is there functionality to respect objections/ withdrawals of consent?

Are there any plans to allow the information to be used elsewhere within the organisation, wider
or by a third party?

The data must be able to be easily separated from other datasets to enable data portability (see
previous questions), audit of data relating to specific organisations and to facilitate any
requirements for service transitions.
N/A Premises move and also possible new process implemtation for the provision of treatment and care.

No new information - just posible different method.

See DPA Questionnaire 1 - Please state the legal basis - mirror the box.

N/A Premises move

CCTV - operations
Physical Tranfer of Paper Medical Records and Employment Records
New implementation of processes for shared data between practices in shared areas
New process for registration patient

Shared staff, employees of practices for their own data. Each GP Practice will need to undertake a physical security check of old p

N/A

N/A

N/A for premises move - existing arrangements unchanged

Registered courier service with contractual arrangement, physical security under centrally managed access. Existing role based a

As above

N?A Premises move

Policy document - existing requirement for third party to sign contract detailing the confidentiality and requirements. Premises t

N/A - exisiting arrangements in place.

N/A - exisiting arrangements in place.

No disclosures - only internal processes between the two practices where required, for patient related data only e.g. shared serv

N/A - exisiting arrangements in place.

 Impact Pri

Privacy Risks & Issues for Consideration Low; Moderate;

Avoid
High

1 To ensure that the CCTV Operations have appropriate process

in place, placement assessed (Considering privacy of third
parties) and process relating to data storage, security and
access. High

2 Physical Transfer of patient and employee records

Moderate

3 Physical Security Check of old permises to ensure all data has

been safely removed.
Moderate

4
5
6
7
8
9
10
 Privacy Risk Management Implication for Projects

Treat Accept Implemented Countermeasures Date

Policy document on CCTV, security measures, Jun-18

contractual relationship with service
provider. Processes to honour individual
YES rights in relation to SARs. Update fair
processing notice to reflect. Signs to notify
patients and the public.

Contractual undertaking with courier service Jun-18

to include sufficient terms and conditions,
post migration premises inspection and
deliver to authorised individual. Courier
YES service must be an approved service which
meet industry standards for
medical/employee information.

Practice staff undertake physical site check to Jun-18

ensure that all personal data has been
YES securely removed. This includes removal of
ICT equipment for secure destruction.