Data Protection Impact Assessment (DPIA)
Trinity College acknowledges that a DPIA should be carried out in certain instances.
It is important that data protection is incorporated into systems and processes from the outset of processing as standard practice. This is achieved by embedding data privacy and security features, settings and controls directly into the design of University projects and systems.
DPIA completion is required as a key component of system and process design, in particular where processing utilises new technologies and, taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of individuals.
Examples of circumstances in which a DPIA is likely to be required include:
- health research as defined under the Health Research Regulations
- processing of large quantities of personal data
- where there is automatic processing/profiling of individuals
- processing of special categories of personal data
- monitoring of publicly accessible areas such as CCTV or location tracking
The DPIA is a mechanism for identifying and examining the impact of new initiatives or new technologies and putting in place measures to minimise or reduce risks.
Trinity College Dublin has developed a DPIA Template for Non-Research (Services) - available here.
Staff and students intending to implement processes which require a DPIA should contact the Data Protection Officer for support.
Trinity College Dublin - Research
Template Documents available here.