Think you need to do a DPIA? Ask yourself these questions first

Last updated: 26 November 2020

The questions below are intended to help you decide whether a DPIA is necessary.

Answering ‘yes’ to any of these questions is an indication that a DPIA would be a useful exercise.

You can expand on your answers as the project develops if you need to. You can adapt these questions to develop a screening method that fits more closely with the types of project you are likely to assess.

DPIA screening questions: 
  1. Will the project involve the collection of new information about individuals?
  2. Will the project compel individuals to provide information about themselves?
  3. Will information about individuals be disclosed to organisations or people who have not previously had routine access to the information?
  4. Are you, or will you be, using information about individuals for a purpose for which it is not currently used, or in a way it is not currently used?
  5. Does the project involve you using new technology that might be perceived as being privacy intrusive? For example, the use of biometrics, facial recognition or profiling.
  6. Will the project result in you making decisions or taking action against individuals in ways that can have a significant impact on them?
  7. Is the information about individuals of a kind particularly likely to raise privacy concerns or expectations? For example, health records, criminal records other special category data or other information that people would consider to be private.
  8. Will the project require you to contact individuals in ways that they may find intrusive?