Skip to content

Data Protection Impact Assessments (DPIAs)

A Data Protection Impact Assessment identifies the risks associated with collecting, storing, and using data. This is to mitigate any risk to the University of Bradford and the individual concerned. Completing a DPIA for high risk processing of personal data is required by law.

Conducting a DPIA is beneficial in many ways:

  • It enables an organisation to identify and address privacy problems at an early stage of a project thereby saving time and money in the long run;
  • It can reduce the amount of personal data collected which makes processes simpler and a project more efficient;
  • It demonstrates to stakeholders that you are taking privacy matters seriously and increases trust in an organisation.

The Information Commissioner's Office has promoted the use of DPIAs as an integral part of taking a privacy by design approach.

The University has developed a Procedure for conducting Data Protection Impact Assessments and Data Protection Impact Assessment Template Form based on best practice guidance from the Information Commissioner’s Office; these are available on the University’s information governance intranet site and can be provided to members of the public by emailing