Skip to content
Muted
  Vibrant
Map & Directions Contact us

Data protection by design and default

The Data Protection Act 2018 (DPA 2018) / UK General Data Protection Regulation (UK GDPR) places a general obligation on data controllers to adopt a data protection by design and default approach to protect the personal data they process.  Controllers are required to implement appropriate technical and organisational measures to show that they have considered and integrated data protection into their processing activities.  This means that the necessary safeguards have been integrated into their processing activities at the planning and development stage.

Data Protection Impact Assessments (DPIAs)

DPIAs are tools that help organisations deliver data protection by design and default by ensuring they meet the expectations of individuals regarding the security and privacy of their personal information. The DPIA process helps identify and minimise the data protection risks of a project. By law a DPIA must be done for processing that is likely to result in a high risk to individuals but it is good practice for assessments to be carried out for any other major projects which require the processing of personal data. 

A DPIA must:

  • describe the nature, scope, context and purposes of the processing;
  • assess necessity, proportionality and compliance measures;
  • identify and assess risks to individuals; and
  • identify any additional measures to mitigate those risks

Our policy is that any change project involving personal data processing is assessed via the DPIA process.  DPIAs are reviewed by our Data Protection Officer to ensure compliance with data protection requirements and approved by our Senior Information Risk Owner to ensure that suitable actions are taken to mitigate any risks identified.

Below is a summary of the DPIAs completed during the last financial year:- 

 

Project name

Project overview

Approval date

Cardiac diagnostic management system

ECG management system

31/08/2023

Community stroke pilot

New questionnaire functionality

20/02/2024

Procurement collaboration

Implementation of specialist Trust procurement alliance

04/07/2023

Healthcare management analysis

Analysis on step down area and telemetry beds

14/04/2023

Urgent referral dashboard

Update to existing dashboard

07/06/2023

Web application

Medical device and web application

26/09/2023

Mentoring platform

Staff mentoring software

01/09/2023

New software

Research project software

05/07/2023

Data transfer mechanism

New data transfer mechanism

18/10/2023

Content management system

Website

01/09/2023

Medical device

New clinical chemistry analyser

11/07/2023

Web application

Update to existing web application

18/10/2023

Data lake

Radiology and imaging data lake

29/08/2023

Content management system

Intranet

29/11/2023

Service amendment

New support arrangement for Friend and Family Test

08/02/2024

New service

Staff stop smoking service

27/11/2023

Analytics support

Third party analytics support and report development

08/02/2024

Web application

Recruitment system

08/02/2024

Research study

Image analysis

08/02/2024

     

For more information about our process or completed DPIAs please contact the Information Governance Team - by email to FOIRequests@lhch.nhs.ukRequests will be processed in line with the Freedom of Information Act 2000.