Project plans to reduce data privacy risks
A new data protection tool designed to assess the impact of personal data misuse has been implemented, to allow for the better protection of personal information.
A recently closed project has delivered a new Data Protection Impact Assessment (DPIA) system, which can be used to identify the usage of personal data throughout the University and effectively reduce and manage the risk of processing personal data.
A DPIA aims to help reduce the risk of harm to individuals through the misuse of their personal information, and can help to design more efficient and effective processes for handling personal data. The new system will also help to insure that projects remain compliant with the General Data Protection Regulation (GDPR) requirements and the University data protection strategy.
The project activity involved the definition of business requirements, a procurement process to select the most relevant solution on the marketplace and system configuration. A consultation process involving workshops with a number of Data Champions and potential system users was then carried out. This provided useful feedback for the service, which was reviewed and implemented where practical.
Following a soft-launch of the system in July, the system is now more widely used throughout the University, with over 100 DPIAs already logged on the system.
The feedback from users of the new system has been overwhelmingly positive. Colleagues find the system easy to use and appreciate the inbuilt logic. Compared to the unsustainable word document in use before, the system makes a complicated legal process fairly easy to complete
Applications for a Data Protection Impact assessment can be made online through OneTrust.