Data Protection Impact Assessment

EthicalA Data Protection Impact Assessment (DPIA) is a mandatory requirement for situations where data processing is likely to result in high risk to individuals, for example deploying new technology. This is unlikely to be required in dentistry unless you plan to introduce a new software package or install CCTV in the practice.

If a DPIA is required, you should:

Describe the data processing activities you undertake.

Identify and assess the risks to the individuals whose data you process.

Identify the ways in which you intend to address these risks.

Record the outcomes of the DPIA.

Further DPIA advice [1] provided by the Information Commissioner’s Office (ICO).


This interim advice is based on resources from the Information Commissioner’s Office (ICO) website. Although every effort has been made to ensure the accuracy of this advice, SDCEP takes no responsibility for inaccuracies or omissions and does not accept responsibility for any loss, damage or expense resulting from the use of this information. Further advice on complying with GDPR can be found on the ICO website and via the EU GDPR learning resource. Your indemnity organisation may also provide information and resources to help you comply and be able to advise you regarding particular issues that may arise from GDPR implementation.