This is a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy.
An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.
To determine if a DPIA is needed, a privacy screening template is completed using questions based on ICO published guidance. The responses are reviewed by information governance and the information asset owner or administrator to determine if a DPIA is needed.
If there is no personal data involved or there are no high risks before any privacy controls are taken account of, then a DPIA will not normally be needed.
Summaries are shown in alphabetic order of the project or process name.
We use artificial intelligence to determine the intent of the caller for some of our services.
No decisions are made about the customers that have a legal or similar effect on them.
A DPIA was needed because this was a new type of technology and some callers could be vulnerable adults.
All risks to acceptable levels by existing controls. The effectiveness and accuracy of the technology will be monitored as part of the pilot.
CCTV is used externally for our owned premises and internally where an incident or staff safety has justified its use.
This monitors behaviour of staff and visitors.
One minor issue identified and resolved. Recommendation is that this processing continues but any new uses of CCTV are referred to information governance.
This feature uses big data analytics techniques to join personal data held across the our organisation.
The insight gained will be used to help better plan NHS services.
Each idea being explored using patient data and big data analytics is subject to a bespoke version of a DPIA.
If the findings are to be used to change how a customer’s personal data is used, then that proposal must be referred to information governance.
In addition, there is a stop list of all processing that must be referred to the information asset owner and information governance.
This system will hold prescription and dental patient data in a production environment to provide routine reporting to the NHS and answer queries that do not require big data analytics.
It has been agreed that:
All exceptions to these rules are to be referred to information governance.
This system will hold personal data relating to NHS Dental patient claims in England and Wales.
It also holds some details of private treatment for the new dental contract pilot.
The data is then used by ‘loss recovery services’ and placed in the data warehouse and the data analytics laboratory
Information asset owner has taken active ownership of residual minor risks.
This system holds personal data for all staff employed within the NHS in England and Wales.
This includes special category personal data processed by NHS employers relating to:
It may also relate to apprentices under the age of 18.
Staff records can be transferred between employers when they move employment to another NHS Employer.
Minor outstanding risks are actively owned by the information asset owner.
This system will hold personal data for all beneficiaries of payments made under EIBSS.
A limited number of medical conditions can be inferred about the direct beneficiaries
Minor outstanding risks are actively owned by the information asset owner.
These will be resolved in a new system release shortly.
Equality and diversity declarations of more than 1,000 individuals held on ESR are extracted and reported on to make sure equality and diversity legislation obligations are being met during recruitment and employment.
Only minor risks identified and are being actively managed by the information asset owner.
We investigate fraud allegations relating to staff and customers.
All risks are well managed through regular review of the personal data being processed as part of an investigation.
A number of similar HR processes were grouped together, including:
Only minor risks identified and actively managed by the information asset owner.
Patients declaring eligibility for an NHS charge exemption will be sample checked and a penalty charge issued if no valid exemption is found in either:
Only minor risks identified and actively managed by the information asset owner.
Patients on a low income can claim exemption from NHS charges.
This system assesses applications made records the decision and issues exemption certificates.
For over 1,000 applicants, this process can result in processing special categories of personal data.
A digital pilot is being rolled out to remove the need to receive a physical certificate and improve the patient service.
Only minor risks identified and actively managed by the information asset owner.
NHS patients who are pregnant or have been pregnant in the last 12 months can receive exemption from some NHS charges.
This process involves a medical professional confirming patient entitlement and a certificate is issued to the patient.
A digital pilot is currently running to provide digital certificates.
Only minor risks identified and actively managed by the information asset owner.
A medical professional can confirm that a patient has one of a number of specified medical conditions.
These entitle the patient to receive exemption from some NHS charges.
Only minor risks identified and actively managed by the information asset owner.
This system holds NHS job applications for a large number of applicants across the NHS in England and Wales.
This includes equality and diversity declarations and might have additional have criminal offence declarations.
The applications details can then be downloaded and used by NHS employers in their recruitment and selection process.
Only minor risks identified and actively managed by the information asset owner. These are being addressed in the new version of NHS Job being developed by us.
We process overseas reciprocal healthcare applications by UK residents working, studying or retired in the European Economic Area and Switzerland.
Claims are also processed for emergency treatment where the UK resident does not hold a UK GHIC and UK EHIC.
Risks have been identified and are being actively managed by the information asset owner.
This will be reviewed once the Brexit decision is made.
Patients can pay in advance to effectively reduce the cost of their prescription charges. This can be a one off payment or by direct debit.
Disclosure of this personal data could lead to conclusions being reached about the general state of health of an individual or abuse of payment related details.
Only minor risks identified and these are being actively managed by the information asset owner.
NHS Prescriptions that are dispensed to patients outside of a hospital or hospice are sent to us to process.
This is to make sure the dispenser is paid for their services to the NHS.
The information is then used by ‘loss recovery services’ and placed in the data warehouse and the data analytics laboratory.
Only minor risks identified and these are being managed by the information asset owner.
NHS Pension members’ claims for ill health retirement need to be assessed by medical professions to make sure they qualify under the rules of the relevant NHS Pension scheme.
This involves processing detailed medical information and opinions
Only minor risks identified and these are being actively managed by the information asset owner.
We offer a recruitment service for a number of NHS bodies including the our own organisation.
This involves processing:
Only minor risks identified and these are being actively managed by the information asset owner.
We offer staff a genuine choice to use biometric mouse for system authentication.
Minor risks handled by clear consent being given and staff can change their mind at any time.
The use of biometrics delivered by the third party makes full use of the principles of privacy by design.