NHS Luton Clinical Commissioning Group

Privacy Impact Assessments (PIA)

The CCG is required to complete a DPIA before we begin any type of processing which is “likely to result in high risk”.

All new IT systems, databases or on-line data submission systems introduced to the CCG containing person identifiable data (PID), whether patient or staff, must be approved by the Bedfordshire CCG IM&T Group or the Luton CCG Governance and Risk Group to ensure they comply with current technical and information governance requirements.

This checklist is to be used by the Head of Information Governance to ensure compliance with the General Data Protection Regulations 2018 (GDPR) of new processes, software and hardware involving the processing of person identifiable data (PID).

All processes, electronic or manual, software or hardware incorporating the processing of PID must be tested for GDPR/confidentiality compliance prior to implementation/commencement and approved by the IM&T Group/Governance and Risk Group. The Head of Information Governance will periodically carry out data protection compliance checks on existing processes and a report will be made to the appropriate Director and the IM&T Group detailing findings and recommendations if compliance is not met.

A copy of the PIA template is available to download on the right.
