Data Protection Impact Assessment (DPIA) Workshop

A Data Protection Impact Assessment (DPIA) is a legal requirement under UK GDPR when an organisation undertakes processing that may pose a high risk to individuals. Many providers are unsure when a DPIA is needed, how to judge the level of risk, or how to embed data protection by design into new projects and systems. This workshop provides a practical introduction to DPIAs, explaining why they matter, how they safeguard individuals, and how they strengthen organisational governance and accountability. Attendees will explore what counts as high-risk processing, how to identify risks to personal data, and how to apply the ICO’s screening checklist and template. The session also highlights how DPIAs fit within wider information governance responsibilities, including when adopting new technologies or handling special category data.

By the end of the workshop, participants will be able to:

• Recognise when a DPIA is legally required
• Identify risks to personal data and judge likelihood and severity
• Apply each step of the DPIA process to real scenarios
• Use the ICO screening checklist and template effectively
• Embed data protection by design into new projects and changes
• Demonstrate how their organisation identifies and minimises data risks, directly supporting DSPT requirement 1.3.8
• Strengthen GDPR compliance and organisational transparency