Sample Data Protection Impact Assessment
Last updated: May 9th, 2025
Important Disclaimer
It is your responsibility as a data controller to conduct a Data Protection Impact Assessment based on the specific risks to your practice and patients. This sample DPIA is provided as a starting point to help you understand what to consider, but you must tailor it to your specific implementation and circumstances. My Practice Manager Ltd cannot complete a DPIA on your behalf, as only you understand your specific workflows, existing systems, and unique risk profile.
1. Overview of Processing
This Data Protection Impact Assessment (DPIA) template is designed to help you assess the risks associated with implementing and using My Practice Manager in your practice, specifically focusing on the Compliance Document Manager feature.
1.1 Purpose of Processing
[In this section, describe your practice's specific purpose for using the Compliance Document Manager. For example:]
The purpose of processing is to manage practice compliance documents efficiently, including:
- Storage of practice policies, procedures, and compliance documents
- Distribution of these documents to practice staff
- Tracking staff acknowledgment of having read and understood key documents
- Maintaining a record of document versions and review dates
1.2 Data Controller and Processor
Data Controller: [Your practice name] - responsible for determining the purposes and means of processing personal data.
Data Processor: My Practice Manager Ltd - processes personal data on behalf of the controller as outlined in the Data Processing Addendum.
2. Personal Data Being Processed
2.1 Categories of Personal Data
[Review and customize this list based on your intended use]
- Staff names
- Staff email addresses
- Staff job titles/roles
- Staff document viewing and acknowledgment records
- Any personal data included within uploaded compliance documents
Note: As specified in the Terms and Conditions and Data Processing Addendum, patient data must NOT be uploaded to or processed by the system.
2.2 Data Subjects
[Customize for your practice]
- Practice staff (clinical and non-clinical)
- Practice managers and administrators
- Any other individuals referenced in compliance documents
2.3 Data Retention
[Specify your planned retention periods, for example:]
Staff acknowledgment records will be retained for [X years] after employment ends to demonstrate compliance with regulatory requirements.
As stated in the Data Processing Addendum, upon account termination, personal data held by My Practice Manager Ltd will be deleted or anonymized within 30 days unless otherwise required by law.
3. Necessity and Proportionality Assessment
3.1 Lawful Basis for Processing
[Select and justify the appropriate lawful basis for your practice, for example:]
The processing of staff personal data is necessary for:
- Performance of a contract - Processing staff data is necessary for employment contracts, which include requirements for staff to follow practice policies and procedures.
- Legitimate interests - The practice has a legitimate interest in ensuring and demonstrating regulatory compliance, including evidence that staff have been properly trained and informed of policies.
- Legal obligation - The practice has legal obligations under CQC regulations to maintain appropriate policies and ensure staff are familiar with them.
3.2 Data Minimization
[Describe how you'll ensure only necessary data is processed, for example:]
We will:
- Only include staff members who need access to specific documents
- Review all documents before upload to ensure they don't contain unnecessary personal data
- Regularly audit and remove outdated documents and user accounts
4. Risk Assessment
[Evaluate the risks specific to your practice's implementation. The following are examples to consider:]
Note: The personal data processed in the Compliance Document Manager is generally "near public" information within the practice environment (names, emails, job roles), and policies and procedures are typically made available to all staff as part of good governance. This significantly reduces the privacy risk compared to systems that process sensitive or confidential personal information.
Risk | Impact | Likelihood | Overall Risk | Rationale | Mitigation Measures |
---|---|---|---|---|---|
Unauthorized access to staff data | Low | Low | Low | The staff data involved (names, emails, roles) is already widely known within the practice and appears on various documents, contact lists, and directories. The information is not sensitive, confidential, or of significant commercial value. | |
Accidental upload of patient data that is quickly detected (within 24-48 hours) | Medium | Medium | Medium | If patient data is inadvertently uploaded but quickly detected, the risk is mitigated by: (1) limited exposure time, (2) access restricted to authorized practice staff, (3) the underlying technical security of the platform, which meets NHS security standards even though it's not intended for patient data, and (4) prompt remedial action. | |
Accidental upload of patient data that remains undetected for an extended period | High | Low | Medium | Undetected patient data in the system presents a higher risk due to prolonged exposure and potential regulatory implications. However, the likelihood is reduced by document review processes and the visibility of uploaded content to multiple staff members. Access remains limited to authorized practice users. | |
Staff not aware of data processing | Low | Low | Low | Staff would reasonably expect their basic work contact information to be used for administrative and compliance purposes. The system's purpose is transparent, and staff interaction with it (receiving documents, acknowledging them) makes the processing obvious. | |
Important: Handling Inadvertent Patient Data Upload
The Compliance Document Manager maintains version history of uploaded documents. If you discover that patient data has been inadvertently uploaded, contact help@mypracticemanager.co.uk immediately. My Practice Manager support team can help remove the data from both the current version and version history. Do not attempt to resolve this by simply uploading a new version, as the patient data will remain in the version history.
5. Technical and Organizational Measures
[Document the measures you'll implement. For example:]
5.1 Technical Security Measures
- Access controls with unique logins for each staff member
- Secure access to the system (HTTPS, strong passwords)
- Regular backups of data
- Audit trails of document acknowledgments
5.2 Organizational Measures
- Staff training on data protection and system use
- Regular review of access permissions
- Clear policies on acceptable use of the system
- Regular auditing of stored documents
5.3 Processor Safeguards
As outlined in the Data Processing Addendum, My Practice Manager Ltd has implemented appropriate safeguards including:
- UK/EEA data storage only
- Staff confidentiality obligations
- Technical security measures
- Subprocessor agreements
6. Data Subject Rights
While the Compliance Document Manager is not a comprehensive HR system, it does process personal data (names, roles, email addresses, and document acknowledgment records), and individuals retain their data protection rights under GDPR.
Subject Access Requests: Due to the limited scope of personal data processed, handling subject access requests is relatively straightforward. When a staff member requests access to their data, the practice can generate a report showing:
- Basic account information (name, email, role)
- Which documents they've acknowledged and when
- Any documents they currently have access to
Other Data Subject Rights: The system also allows for:
- Correction of inaccurate personal data (e.g., updating email addresses)
- Deletion of user accounts when staff leave (subject to retention requirements)
[Document your specific process for handling these requests, including:]
- Who staff should contact to exercise their rights
- Expected timeframe for response
- How you'll verify the identity of the requestor
7. Consultation
[Document any consultation you've undertaken, for example:]
In preparing for implementation, we have consulted:
- Practice staff representatives
- Our Data Protection Officer
- My Practice Manager Ltd regarding their data processing practices
8. Conclusion and Sign-off
[Provide your assessment conclusion, for example:]
Based on this assessment, the implementation of the My Practice Manager Compliance Document Manager:
- Provides significant benefits for practice compliance management
- Presents low privacy risks as it primarily processes basic staff information that is already widely shared within the practice
- Has appropriate controls to mitigate the risk of inadvertent patient data processing
- Complies with data protection principles when implemented as described
DPIA completed by: [Your name and role]
Date: [Date of completion]
Review date: [Date for DPIA review]
Next Steps
This sample DPIA template should be customized to reflect your specific practice circumstances, data flows, and risk assessment. Once completed, it should be reviewed by your Data Protection Officer or Information Governance lead, and kept as part of your data protection documentation. Review this DPIA whenever you make significant changes to how you use the system.