Data Protection Impact Assessment for Civic Hub Project

Closes 28 May 2018

Opened 30 Apr 2018

Overview

A Data Protection Impact Assessment [DPIA] has been prepared in relation to the Civic Hub Project in Dun Laoghaire Rathdown County Council.

The  Civic Hub will be first point of contact for all customer interactions - all channels of communication will be driven through the hub – written correspondence, telephone calls, all departmental email accounts, social media, customer engagement through the web and self-service.

Data Protection Impact Assessment

Data Protection Impact Assessments [DPIAs], also known as Privacy Impact Assessments [“PIAs”), are compulsory under the new EU General Data Protection Regulation (“GDPR”), which comes into effect in May 2018.

Article 35, Data Protection Impact Assessment, of the GDPR states;

“Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operation on the protection of personal data”.

A DPIA is a process designed to describe the processing, assess the necessity and proportionality and to help manage the risks to the rights and freedoms of natural persons resulting from the processing of personal data.

A DPIA is essentially a risk assessment of proposed processing of personal data and a process for building and demonstrating compliance.

In cases where it is not clear whether a DPIA is required, it is recommended that, a DPIA is nonetheless carried out, as it is a useful tool to assist data controllers comply with data protection legislation.

The DPIA process also helps to foster trust in an organisation’s processing operations and demonstrates accountability and transparency. Individuals can be reassured that organisations which use an individual’s information have followed best practice.

To be most effective, a DPIA needs to be conducted early on in the project lifecycle, so that the actions arising from it can be integrated into the project plan. This is consistent with the principle of “Privacy by Design” and should result in the best and least costly means of ensuring privacy risks are minimised and full compliance with data protection legislation is achieved.

Why We Are Consulting

It is intended to carry out a 6 month review of the Data Protection Impact Assessment [DPIA].

The Council is inviting comments from the public on the document 

These comments will be considered as part of the first review.

Comments in relation to the DPIA should be submitted to this authority not later than Monday 28th May 2018

Give Us Your Views

Areas

  • All Areas

Audiences

  • Anyone from any background

Interests

  • All Interests