Embedded Files
This Months Newsletter
A Data Protection Impact Assessment (DPIA), is a document which identifies:
A Data Protection Impact Assessment (DPIA), is a document which identifies:
- What is the purpose of an application or tool within the school
- The data which each application or tool processes
- It identifies the potential risks of the application or tool
- And it includes measures that can be taken to mitigate those risks.
A DPIA does not have to be written by your school's Data Protection Officer (DPO), as a school, you have responsibility for the data which you hold. It is the school's responsibility to maintain and manage the data securely.
What does a DPIA look like?
What does a DPIA look like?
The Information Commissioner's Office
The Information Commissioner's Office
has guidance on what a DPIA is and why they are necessary. This template is available from the ICO website, which can be found here.
If a school chooses to create their own DPIAs...
If a school chooses to create their own DPIAs...
If a school chooses to complete their own DPIAs, it is suggested that your school's DPO review the DPIA you have created.
Schools could make use of AI to create an Agent (Copilot) or Gem (Gemini) to support you in this task. Below is an example that could be replicated and amended to suit your school's needs. The Example below is how this could be done in Copilot.
Open the Copilot tool
Select Create agent
Copy and paste the information below
Name
DPIA Writer
Description
Data Protection Impact Assessment writer
Instructions
Write DPIAs for schools based on the application they specify. The schools are based in Wales and must conform to UK data laws.
Follow the template for a DPIA from the ICO.
Ensure the DPIA identifies the levels of risk and safety, and identifies what actions can be taken to mitigate any issues.
Identify if it is possible to apply MFA
Identify if the application or tool conforms to UK GDPR
List the different forms in which the application or tool holds data
Provide evidence links for where the information was gathered from
Page updated
Report abuse