Overview
For each SEAtS project a DPIA needs to be completed and signed off by the institution. A DPIA is a process that helps you identify and minimise the risks of handling personal data, such as privacy breaches, data loss, or unauthorised access. It provides evidence that risks to individuals whose data is being processed have been considered and sufficient measures taken.
Purpose of a DPIA
A data processing impact assessment for your SEAtS project will:
Identify the purpose and scope of the data processing activities that involve SEAtS.
Analyse the types and sources of personal data collected, stored, or processed by SEAtS, including any personally identifiable information (PII) related to your students.
Evaluate the potential risks and impacts of the data processing activities on the rights and freedoms of the data subjects.
Implement appropriate measures and safeguards to mitigate the risks and ensure compliance with applicable data protection laws and regulations.
Measures may include encryption, anonymisation, pseudonymisation, consent, access control, or audit logs.
Document the findings and outcomes of the assessment and communicate them to relevant stakeholders.
Instructions
Complete all questions in the DPIA template and forward the completed document to the Institution's Data Protection Unit to receive feedback on any risks identified and recommendations on the actions or controls needed to address those risks.
It is the responsibility of the Project Owner/Head of the Institution/Head of Unit to ensure that required controls are put in place and to sign off on any risks arising from the processing.
The DPIA should be updated to reflect any material changes to the processing as the project progresses.