
Data protection by design and default

The Data Protection Act 2018 (DPA 2018) / UK General Data Protection Regulation (UK GDPR) places a general obligation on data controllers to adopt a data protection by design and default approach to protect the personal data they process.  Controllers are required to implement appropriate technical and organisational measures to show that they have considered and integrated data protection into their processing activities.  This means that the necessary safeguards have been integrated into their processing activities at the planning and development stage.

Data Protection Impact Assessments (DPIAs)

DPIAs are tools that help organisations deliver data protection by design and default by ensuring they meet the expectations of individuals regarding the security and privacy of their personal information. The DPIA process helps identify and minimise the data protection risks of a project. By law, a DPIA must be done for processing that is likely to result in a high risk to individuals, but it is good practice for assessments to be carried out for any other major projects which require the processing of personal data.

A DPIA must:

  • describe the nature, scope, context and purposes of the processing;
  • assess necessity, proportionality and compliance measures;
  • identify and assess risks to individuals; and
  • identify any additional measures to mitigate those risks.

Our policy is that any change project involving personal data processing is assessed via the DPIA process.  DPIAs are reviewed by our Data Protection Officer to ensure compliance with data protection requirements and approved by our Senior Information Risk Owner to ensure that suitable actions are taken to mitigate any risks identified.

Below is a summary of the DPIAs completed during the last financial year:

 

| Project name | Project overview | Approval date |
|---|---|---|
| Ambulatory Monitoring | New medical device | 13/04/2022 |
| Data validation | Remote access for data validator auditor | 16/08/2022 |
| LHCH web application | National Data Opt Out self-check portal | 22/08/2022 |
| Interpreting services | Interpretation and translation services | 21/09/2022 |
| New service | New Community Diagnostic Centre (CDC) | 21/09/2022 |
| Ambulatory monitoring | Telemedicine medical device | 21/09/2022 |
| Blood Analyser and software | Medical device and software | 24/10/2022 |
| Mobile application | Patient health application | 01/11/2022 |
| Mobile CT scanner | CT Scanner services | 01/11/2022 |
| Web application | Rostering system | 07/11/2022 |
| Medical device | Telemedicine medical device | 02/02/2023 |
| New service | Liverpool Community Diagnostic Service (L-CADS) | 02/02/2023 |
| Web application | Research software application | 13/02/2023 |
| Mobile application | Staff rostering and communications application | 13/02/2023 |
| New service | Introduction of virtual wards | 13/02/2023 |
| Web application | Caseload / workflow management platform | 02/03/2023 |
| Sign language interpreting services | Sign language interpretation and translation services | 08/03/2023 |
| Web application | Clinical audit software | 08/03/2023 |
| Web application | Digital dictation software | 23/03/2023 |
| Content management system | Private patient website | 23/03/2023 |

For more information about our process or completed DPIAs, please contact the Information Governance Team by email at FOIRequests@lhch.nhs.uk. Requests will be processed in line with the Freedom of Information Act 2000.